$username = "john_doe"; $password = "pass' OR '1'='1"; // Escape the user input before passing it to the database $username = mysqli_real_escape_string($conn, $username); $password = mysqli_real_escape_string($conn, $password); // Prepare the SQL statement $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'"; $result = mysqli_query($conn, $sql);
$user_data = array( "username" => "jane_doe", "email" => "jane_doe@example.com", "address" => "123 Main St', NULL, '1" ); // Escape all the values in the array foreach ($user_data as $key => $value) { $user_data[$key] = pg_escape_string($value); } // Insert the escaped data into the database pg_insert($conn, 'users', $user_data);In this example, an array of user data is escaped using the pg_escape_string function before being inserted into a PostgreSQL database using the pg_insert function. Package library: pgsql