sql injection prevention code example Example: avoid sql injection in password field $password = mysqli_real_escape_string($conn,md5($_POST['password']));