I've read about SQL injection so I tried it with my site and of course it worked.. I know that the solution is parameterized queries and I also know that there are a lot of
use:
$userPass = mysqli_real_escape_string($mysqli,$_POST["password"]);
This blocks the '' or '=' thing :) where $mysqli is your connection string ofc.
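The parameterized-query approach the question mentions, shown next to a concatenated query, as an added example that is not part of the original posts. It uses PDO with an in-memory SQLite database so it runs without a server; with mysqli the same pattern is `$mysqli->prepare()`, `$stmt->bind_param()` and `$stmt->execute()`. The table, column and function names are hypothetical, and the account is constructed sample data.

```php
<?php
// Added example: in-memory SQLite via PDO, so no database server is needed.
// Table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

// Constructed sample account; a hash is stored, never the password itself.
$ins = $pdo->prepare('INSERT INTO users (name, pass_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Before: input is pasted into the SQL text, so a quote in the input
// becomes part of the query instead of part of the value.
function loginConcatenated(PDO $pdo, string $name, string $pass): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE name = '$name' AND pass_hash = '$pass'";
    return (int) $pdo->query($sql)->fetchColumn() > 0;
}

// After: the placeholder keeps the input as data, and the password is
// compared against the stored hash in PHP rather than inside the query.
function loginPrepared(PDO $pdo, string $name, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// The tautology input the post refers to, sent as both fields.
$tautology = "' or ''='";

echo 'concatenated, tautology: ';
var_dump(loginConcatenated($pdo, $tautology, $tautology));
echo 'prepared, tautology: ';
var_dump(loginPrepared($pdo, $tautology, $tautology));
echo 'prepared, real credentials: ';
var_dump(loginPrepared($pdo, 'alice', 'correct horse'));
```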