Categories
Mastering Development

Prevent from SQL Injection – PHP Mysqli [duplicate]

I want to improve my code from SQL Injection Attacks. But I have a small problem. I want on a Login page to prevent attacks. So my users need to enter their email and password. My password is md5 stored in DB.

My db connection:

<?php
    $con = mysqli_connect("localhost","root","","test");
?>

Code I want to improve in Login page:

$customer_email = $_POST['c_email'];
$customer_pass = $_POST['c_pass'];

I used this method:

$customer_email = mysqli_real_escape_string($_POST['c_email']);
$customer_pass = mysqli_real_escape_string($_POST['c_pass']);

But with this method my users can’t log in. That is a problem, where I’m wrong?

Leave a Reply

Your email address will not be published. Required fields are marked *