Hi all, I just tried to hack into my own site to see how secure it was, and now I wanna clean up my code so no one can hack into my site using SQL injections. This is my login code:
[code=php]
<?php
session_start();
$msg_pass = "";
$msg_user = "";
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if ($username && $password)
{
    // include database
    // The username is concatenated straight into the SQL text (the injection point asked about)
    $cQuery = "SELECT username,password FROM users WHERE username='" . $username . "'";
    $rs = mysqli_query($con, $cQuery);
    if ($rs)
    {
        $count = mysqli_num_rows($rs);
        if ($count > 0)
        {
            // Raw (binary) SHA-1 digest of the submitted password
            $shapass = sha1($password, TRUE);
            $data = mysqli_fetch_assoc($rs);
            if ($data['password'] == $shapass)
            {
                $_SESSION['user'] = $username;
            }
            else
            {
                $msg_pass = "Wrong Password,Please Try again";
            }
        }
        else
        {
            $msg_user = "Wrong Username,Please Try again";
        }
    }
    else
    {
        echo "Unable to execute the query:" . mysqli_errno($con);
    }
}
[/code]
That is my login code. How can I go about fixing the SQL injection in the login code? Can anyone help?
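
The login check from the post rewritten with a mysqli prepared statement, as an added example that is not part of the original post. It assumes `$con` is an open mysqli connection and that `users.password` holds the raw `sha1()` digest as in the post; `check_login` is a hypothetical helper name.

```php
<?php
// Assumes $con is an open mysqli connection (from the poster's database
// include) and that users.password stores the raw sha1() digest.

// check_login() is a hypothetical helper: 'ok', 'no_user', 'bad_password' or 'db_error'.
function check_login(mysqli $con, string $username, string $password): string
{
    // The ? placeholder keeps the username out of the SQL text: the server
    // receives the statement and the value separately, so quotes stay data.
    $stmt = mysqli_prepare($con, "SELECT password FROM users WHERE username = ?");
    if ($stmt === false) {
        return 'db_error';
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return 'db_error';
    }
    mysqli_stmt_bind_result($stmt, $stored);
    $found = mysqli_stmt_fetch($stmt);   // true = row, null = no row, false = error
    mysqli_stmt_close($stmt);

    if ($found === false) {
        return 'db_error';
    }
    if ($found === null) {
        return 'no_user';
    }
    // Same digest format as the post, compared in constant time.
    return hash_equals((string)$stored, sha1($password, true)) ? 'ok' : 'bad_password';
}

session_start();
$username = trim($_POST['username'] ?? '');
$password = trim($_POST['password'] ?? '');
$msg_user = $msg_pass = "";

if ($username !== '' && $password !== '') {
    switch (check_login($con, $username, $password)) {
        case 'ok':           $_SESSION['user'] = $username; break;
        case 'no_user':      $msg_user = "Wrong Username,Please Try again"; break;
        case 'bad_password': $msg_pass = "Wrong Password,Please Try again"; break;
        default:             error_log("login query failed"); // log it, do not echo DB details
    }
}
```

With the placeholder, a username containing a quote character is matched as a literal value instead of altering the query.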