0
0
jessica
answered May 17 '22 00:00
php function mysql_real_escape_string use to escape single quote and double quote to avoid exposing SQL
$username=$_REQUEST['username'];
$sel="select * from where username=".mysql_real_escape_string($username);