我目前在最近的帖子Simple SQL query selecting from table where email = email
之后成功创建了一个登录信息我已加密密码,但不确定如何提供SQL注入保护,有人可以提供一些关于如何保护我的脚本的建议或资源吗?
$user = stripslashes($user);
$pass = stripslashes($pass);
$password = md5 ( $pass );
$sql = "SELECT * FROM members WHERE email='$email' AND password='$password'";
$result = mysqli_query( $connect, $sql);
$row = mysqli_fetch_array($result);
if(!$row){
echo "Incorrect Username or password";
}
else{
echo "Logged in";
}
mysqli_close( $connect );