@MHGAMERZ369

Use parameterized queries to avoid injection

@AnimeRookie

A few options to avoid this:
- Sanitize the input
- Use prepared statements
- Don't just return true and false; have an object return which can be checked before completing the circuit


ORM is a good option, but it is always not the answer. When you are writing a backend in something like Go or C#, it's always good to understand why and how these problems can be avoided rather than just plain out OOTB solutions.

@fire_aag

Solution: Use body validation...
Avoid special characters, and allow a few

@mernmasteryshorts

Why are so many Indian tech YouTubers popping up these days?

Because in India, if you fail computer science, you don’t change careers—
you just start a YouTube channel and teach it instead!

@DebdutBiswasOnline

Prepared statements, parameterized queries were used in those old PHP days. Today ORM is the solution in Python and Node, in Java Spring JPA.

@the_zuraiz

First, make the credentials encrypted (this makes any SQL injection into another shape) and then send data through the response body (this makes data hidden throughout the API).

@idlecoders

Just use the hash package. Or my solution is to create two modules:
1) base64encode 2) base64decode
Then make them a perfect encryptor with a random tokenization method and more layers. Then receive the input values as encrypted, then SQL it, then if matched decrypt them and show or store the state.
When creating an account, make sure you encrypt values and store them in a table or database.

That's easy, right?

@abhaypandey4889

The easiest way to avoid this would be to not accept special characters. If you are just a student you can start there.

@NirmalKumar-sc5tk

If you are running direct SQL queries based on user input, you have bigger things to worry about

@Mohit_baraiya

If we use Laravel, then we can use the htmlspecialchar function, which filters the data: if the user enters any HTML data or any query, it will filter it and not allow that.

@zbgn

Try this 

User : 'or 1=1 limit 1 -- -+
Pass : 'or 1=1 limit 1 -- -+
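
A login lookup built by string concatenation beside the same lookup with bound parameters, run against the input quoted in the comment above. This is an added example, not part of any comment in this thread; the table, column names and sample rows are constructed, and Python's sqlite3 stands in for whatever database the backend uses.

```python
import sqlite3

PAYLOAD = "'or 1=1 limit 1 -- -+"  # the input quoted in the comment above

def make_db():
    # Constructed sample data; schema and values are assumptions for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY,"
               " username TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("admin", "hash-a"), ("o'brien", "hash-b")],
    )
    return db

def login_concatenated(db, username, password_hash):
    # Vulnerable: input is pasted into the SQL text, so a quote in the input
    # closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password_hash = '" + password_hash + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # ordinary input containing a quote breaks the statement
    return row[0] if row else None

def login_parameterized(db, username, password_hash):
    # Hardened: the SQL text is fixed; values are bound separately and are
    # only ever compared as data, never parsed as SQL.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash),
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    print("concatenated, payload:  ", login_concatenated(db, PAYLOAD, PAYLOAD))
    print("parameterized, payload: ", login_parameterized(db, PAYLOAD, PAYLOAD))
    print("concatenated, o'brien:  ", login_concatenated(db, "o'brien", "hash-b"))
    print("parameterized, o'brien: ", login_parameterized(db, "o'brien", "hash-b"))
```

The parameterized version rejects the payload and still accepts a legitimate username that contains an apostrophe, which the concatenated version cannot handle at all.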

@04_anirbansadhu37

Use parameterized queries, remove special characters using regex, input type checking, also remote access limitation (server accessible by only a certain host)

@anikethjana416

That's why in Java, PreparedStatement if using JDBC; else if using ORM, you don't even write queries :)

@ramue3339

To say this in simple terms: some tutorials teach entire software engineering

@kingpaimon6086

Solution: always sanitize the user inputs for any malicious input

@sanjivsamal2845

That's why you should use body validation schemas

@Ali-Dev-v1n

The solution for this in HTML = {% csrf_token %} before the script of the login page (for Django)

@forfollower4892

Just use the prepared method and use validation ✅

@bhinoCodes

That's why I use NoSQL

@spdr4717

Road blocks, authentication, is one.