```php
// MySQLi: escape special characters in each value before placing it inside quotes.
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
```
```php
// PDO: quote() escapes the value and adds the surrounding quotes itself,
// so the placeholders in the query string are not wrapped in quotes.
$username = $pdo->quote($_POST['username']);
$password = $pdo->quote($_POST['password']);
$query = "SELECT * FROM users WHERE username=$username AND password=$password";
```

In both examples, the escaping function (`mysqli_real_escape_string` in the first, `PDO::quote()` in the second) ensures that any special characters in the username and password fields are escaped before they are included in the database query, reducing the risk of SQL injection attacks. The `mysqli_real_escape_string` function is part of the MySQL Native Driver (mysqlnd) library, which is a plugin for PHP that allows MySQL database interactions. The PDO `quote()` function is part of the PDO library, a PHP extension that provides a database access abstraction layer for communicating with various databases.
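
The following added example (not code from the original page) sets the `PDO::quote()` lookup shown above beside a parameterized query, where the value is bound separately from the SQL text, and checks the password against a stored hash instead of comparing it inside the query. It assumes the `pdo_sqlite` extension so it can run offline; the `users` schema, the function names `find_user_quoted`, `find_user_prepared` and `login`, and all sample data are constructed for illustration.

```php
<?php
// Added example: names, schema and sample data are constructed for illustration.
// Assumes the pdo_sqlite extension; an in-memory database keeps it offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

// Constructed account; the password is stored as a hash, never as plaintext.
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The page's approach: PDO::quote() escapes the value and adds the surrounding quotes.
function find_user_quoted(PDO $pdo, string $username): ?array
{
    $sql = 'SELECT id, username, password_hash FROM users WHERE username = ' . $pdo->quote($username);
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Parameterized form: the value is bound separately and never becomes SQL text.
function find_user_prepared(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Login check: look the user up by name, then verify the password against the hash.
function login(PDO $pdo, string $username, string $password): bool
{
    $user = find_user_prepared($pdo, $username);
    return $user !== null && password_verify($password, $user['password_hash']);
}

// Constructed inputs: a normal name, a name containing a quote, and a quote-bearing string.
foreach (['alice', "o'brien", "alice' OR '1'='1"] as $name) {
    $quoted   = find_user_quoted($pdo, $name) !== null;
    $prepared = find_user_prepared($pdo, $name) !== null;
    printf("%-20s quoted=%s prepared=%s\n", $name, var_export($quoted, true), var_export($prepared, true));
}
var_dump(login($pdo, 'alice', 'correct horse'));   // valid credentials
var_dump(login($pdo, "alice' OR '1'='1", 'x'));    // handled as a literal username
```

With a bound parameter, correctness no longer depends on every call site remembering to escape and quote each value.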