-1
   $query = "SELECT username,hash FROM pwtable WHERE username='" . $_GET["user"] . "'"; 

echo("Running query:".$query."");

$result = mysqli_query($c, $query);
RF1991
  • 1,408
  • 1
  • 6
  • 12
liorxcohen
  • 1
  • 1
  • 3
    You solve it reliably by using prepared statements, not by escaping and interpolating variables into a query. – Markus AO May 08 '22 at 12:04

0 Answers0