I have successfully created a login following my recent post - Simple SQL query selecting from table where email = email
I've encrypted the password, but I'm unsure how I can offer protection from SQL injections. Could anyone please offer some suggestions or resources on how I can protect my script?

    $user = stripslashes($user);
    $pass = stripslashes($pass);
    $password = md5($pass);
    $sql = "SELECT * FROM members WHERE email='$email' AND password='$password'";
    $result = mysqli_query($connect, $sql);
    $row = mysqli_fetch_array($result);
    if (!$row) {
        echo "Incorrect Username or password";
    } else {
        echo "Logged in";
    }
    mysqli_close($connect);
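
A hardened form of the login check above, as an added example that is not part of the original post: the e-mail is bound to a prepared-statement placeholder instead of being concatenated into the SQL string. It assumes `$connect` is an open mysqli connection, that the form posts fields named `email` and `password`, and that `members.password` stores `password_hash()` output rather than an MD5 digest; `check_login` is a hypothetical helper name.

```php
<?php
// Added example, not the poster's code. Assumptions: $connect is an open
// mysqli connection, the form posts 'email' and 'password', and
// members.password holds password_hash() output instead of an MD5 digest.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly on DB errors

function check_login(mysqli $connect, string $email, string $pass): bool
{
    // The ? placeholder keeps the query text fixed. The e-mail is sent to
    // the server separately as data, so quotes inside it cannot change the SQL.
    $stmt = $connect->prepare(
        'SELECT password FROM members WHERE email = ? LIMIT 1'
    );
    $stmt->bind_param('s', $email);   // 's' = bind as string
    $stmt->execute();
    $stmt->bind_result($hash);        // $hash receives the stored hash
    $found = $stmt->fetch();          // true when a row exists, null when none
    $stmt->close();

    // Compare in PHP, not in SQL: password_verify() reads the salt and
    // algorithm from the stored hash and compares in constant time.
    return $found === true && password_verify($pass, $hash);
}

// stripslashes() is not needed here: it is not an SQL escaping function,
// and bound parameters need no escaping at all.
$email = $_POST['email'] ?? '';
$pass  = $_POST['password'] ?? '';

// Reject non-string input (e.g. email[]=x arrives as an array).
if (is_string($email) && is_string($pass) && check_login($connect, $email, $pass)) {
    echo "Logged in";
} else {
    echo "Incorrect Username or password";
}
mysqli_close($connect);
```

New rows for this scheme would be written with `password_hash($pass, PASSWORD_DEFAULT)`; existing MD5 values cannot be verified by `password_verify()` and would need to be reset or migrated.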