SQlite PHP injection

1

Hello everyone! I am currently using sqlite in a personal project and am using this class: link

When I use the query function of it, I'm inferable from SQLinjection, for example in this example:

$login=$database ->get_row('SELECT * from usuarios where login="'.$login.'" and senha="'.$senha.'"',$resultado);

When using the quotes, it breaks my query and ends up being exposed to sql injection. I tried to do some things but I did not succeed in preventing this. Could someone help me?

    
asked by anonymous 25.08.2017 / 03:17

0 answers