I created this simple function and want to know whether it is enough to prevent SQL injection.

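// Escape the submitted values, then pass them through encr()
$sub_username = encr(mysqli_real_escape_string($conn, $_POST['username']));
$sub_password = encr(mysqli_real_escape_string($conn, $_POST['password']));

// Look up the stored password for the submitted username
$sql = "SELECT password FROM login WHERE username='$sub_username'";
$result = mysqli_query($conn, $sql);

// Trim whitespace, remove backslashes and HTML-encode the value
function encr($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
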
ahmedg
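
An added example, not part of the original question: it shows what the posted order of calls (escape, then `stripslashes()`) does to a value containing a quote, and the same lookup written with a bound parameter and `password_verify()`. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL `login` table, `addslashes()` stands in for `mysqli_real_escape_string()`, and the account, passwords and the `check_login()` helper are constructed for illustration.

```php
<?php
// Added example, not code from the question. Table contents are constructed.
// Assumption: in-memory SQLite via PDO stands in for the MySQL `login` table
// so the script runs without a database server.
$pdo = new PDO('sqlite::memory:', null, null,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE login (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Store a password hash, never the password itself.
$insert = $pdo->prepare('INSERT INTO login (username, password) VALUES (?, ?)');
$insert->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Look up the stored hash with a bound parameter. The username is sent as
// data, separate from the SQL text, so it needs no escaping or filtering.
function check_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM login WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// 1. Order of calls in the question: escape first, then stripslashes().
//    addslashes() is a stand-in for mysqli_real_escape_string() (assumption:
//    no MySQL connection is available here); both put a backslash before quotes.
$raw       = "o'brien";
$escaped   = addslashes($raw);
$unescaped = stripslashes($escaped);
echo "escaped:         $escaped\n";
echo "after strip:     $unescaped\n";
echo "escaping undone: ", var_export($unescaped === $raw, true), "\n";

// 2. The same quote-containing value through the bound parameter.
echo "valid login:     ", var_export(check_login($pdo, "o'brien", 'correct horse'), true), "\n";
echo "wrong password:  ", var_export(check_login($pdo, "o'brien", 'battery staple'), true), "\n";
echo "unknown user:    ", var_export(check_login($pdo, "d'arcy", 'correct horse'), true), "\n";
```

With mysqli the same query is written with `mysqli_prepare()` and `mysqli_stmt_bind_param()`. `htmlspecialchars()` is an output encoder for HTML and belongs where the value is printed, not before the query.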