如何改进这段代码，使其能够防止注入，并正确处理包含引号的输入？
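// Render a <select> of book titles read from the Book table.
//
// The SQL text below is a constant with no request data in it, so it has
// nothing to parameterize. NOTE(review): the bookName value this form posts back
// is untrusted; any query that consumes it should use a prepared statement
// with a bound parameter rather than string concatenation.
$result = $conn->query("select bookName from Book");
echo "<select name='bookName'>";
while ($row = $result->fetch_assoc()) {
    $bookName = $row['bookName'];

    // Stored titles are data, not markup: encode them for the HTML context
    // before printing. ENT_QUOTES encodes both " and ', so a title containing
    // quotes cannot terminate the value="..." attribute; < > & are encoded so
    // a title cannot introduce tags. ENT_SUBSTITUTE replaces invalid byte
    // sequences instead of yielding an empty string. The (string) cast keeps
    // a NULL column value from reaching htmlspecialchars().
    // Assumes the page is served as UTF-8 — TODO confirm against the charset header.
    $safeName = htmlspecialchars((string) $bookName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo '<option value="' . $safeName . '">' . $safeName . '</option>';
}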