How can I prevent a "universal account" login where username and password are 1' or '1'='1?
username=request("username")
password=request("password")
username="'"&username&"'"
password="'" & password & "'"
sql="select * from testtable where username=" & username & " and password=" & password
How can I improve the code above to prevent a "universal account" login
where username and password are 1' or '1'='1?
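
One way to do this, as an added example that is not part of the original post: pass both values as ADO parameters instead of concatenating them into the SQL string, so 1' or '1'='1 is compared as a literal value and never parsed as SQL. The LoginOk helper, the 50-character column size and the Application("ConnStr") lookup are assumptions.

```vbscript
<%
' Added example (not from the original post): parameterized login check.
' Standard ADO constant values, declared here because adovbs.inc may not be included.
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
Const MAX_LEN = 50   ' assumption: column size of username and password

' Hypothetical helper: True only if a row matches both values exactly.
Function LoginOk(conn, username, password)
    Dim cmd, rs
    LoginOk = False
    ' Reject empty or oversized input before it reaches ADO
    ' (a value longer than the declared parameter size raises an error).
    If Len(username) = 0 Or Len(username) > MAX_LEN Then Exit Function
    If Len(password) = 0 Or Len(password) > MAX_LEN Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholders keep user input out of the SQL text entirely.
    cmd.CommandText = "select username from testtable where username = ? and password = ?"
    cmd.Parameters.Append cmd.CreateParameter("username", adVarChar, adParamInput, MAX_LEN, username)
    cmd.Parameters.Append cmd.CreateParameter("password", adVarChar, adParamInput, MAX_LEN, password)

    Set rs = cmd.Execute
    LoginOk = Not rs.EOF
    rs.Close
End Function

Dim conn, username, password
username = Request("username") & ""   ' & "" forces a String even if the field is missing
password = Request("password") & ""

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")      ' assumption: connection string kept in Application state
If LoginOk(conn, username, password) Then
    Session("username") = username
Else
    Response.Write "Login failed"
End If
conn.Close
%>
```

The query still compares the stored password directly, as in the original code; storing a salted hash instead of the password is a separate change.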