This question already has an answer here:
- How can I prevent SQL injection in PHP? 28 answers
I have a problem with my code: '=''or'
```php
$connect = mysqli_connect($host, $user, $password, $database);
if (isset($_POST["sub"])) {
    $userr = $_POST["username"];
    $passs = $_POST["password"];
    $password = hash('sha256', $passs);
    // The posted username is placed directly inside the SQL string
    $query = "select * from user WHERE username='$userr'AND password='$password'";
    $run = mysqli_query($connect, $query);
    // Any returned row is treated as a successful login
    if (mysqli_num_rows($run)) {
        header("Location: index.php");
        $_SESSION['username'] = $userr;
        exit;
    } else {
        $pri = '<center><br/> error </center>';
    }
}
mysqli_close($connect);
```
So when anyone does a bypass using '=''or', it will go to index.php.
I don't really know how to fix it.
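An added example, not part of the original question: the same login check rewritten with a mysqli prepared statement, so the posted username is bound as data and is never parsed as SQL. It assumes the connection variables and the `user` table (columns `username` and `password`, the latter holding a SHA-256 hex digest) from the question; the `check_login` helper and the `session_start()` call are introduced here.

```php
<?php
// Added example, not the asker's code. $host, $user, $password, $database and
// the `user` table layout are assumed to be those shown in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Hypothetical helper: true only if the username exists and the hash matches.
function check_login(mysqli $db, string $username, string $plainPassword): bool
{
    // The ? placeholder is sent separately from the SQL text, so quotes in
    // $username (for example '=''or') are compared as a literal value.
    $stmt = $db->prepare('SELECT password FROM user WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();   // true = row fetched, null = no such user
    $stmt->close();

    if ($found !== true) {
        return false;
    }
    // Unsalted SHA-256 is kept only to match the existing table;
    // password_hash()/password_verify() is the standard replacement.
    return hash_equals((string) $storedHash, hash('sha256', $plainPassword));
}

session_start();
$connect = new mysqli($host, $user, $password, $database);

if (isset($_POST['sub'])) {
    $username = $_POST['username'] ?? '';
    $plain    = $_POST['password'] ?? '';
    // Reject array-valued fields before they reach the query.
    if (is_string($username) && is_string($plain)
        && check_login($connect, $username, $plain)) {
        session_regenerate_id(true);      // new session ID after login
        $_SESSION['username'] = $username;
        header('Location: index.php');
        exit;
    }
    $pri = '<center><br/> error </center>';
}
$connect->close();
```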