I want to improve my code from SQL Injection Attacks. But I have a small problem. I want on a Login page to prevent attacks. So my users need to enter their email and password. My password is md5 stored in DB.
My db connection:
<?php $con = mysqli_connect("localhost","root","","test"); ?>
Code I want to improve in Login page:
$customer_email = $_POST['c_email']; $customer_pass = $_POST['c_pass'];
I used this method:
$customer_email = mysqli_real_escape_string($_POST['c_email']); $customer_pass = mysqli_real_escape_string($_POST['c_pass']);
But with this method my users can’t log in. That is a problem, where I’m wrong?