[Height]

Can anyone explain me what is MYSQL injection? How it happens? Where it is done? In what ways it is done? What are the ways to prevent it? I need the help because i dont whats an SQL inject

[Vince]

Escape any and all user input. That's basically it. SQL injection is done by inserting characters that have special meanings in an SQL query. Such as:

PHP код:

select id from players where name = '%s' and password = '%s' 


and the player inputs a "password":

PHP код:

abc'; drop table players; -- 


Final query will look like

PHP код:

select id from players where name = 'aplayer' and password = 'abc'; drop table players; --'