// Login lookup with bound parameters: the SQL text is a constant and each
// form value travels to the driver as a typed parameter, never as SQL text.
var params = {};
params.username = { value: form.username, sqltype: "varchar" };
params.password = { value: form.password, sqltype: "varchar" };

// NOTE(review): the :password comparison matches the submitted value against
// the stored column as-is. If that column holds plaintext, parameterization
// does not help; the usual design fetches the row by username only and
// verifies a salted password hash in application code. Confirm how the users
// table stores passwords.
// NOTE(review): SELECT * also returns the password column to the caller;
// list only the columns the page needs.
// NOTE(review): `sqltype` is the key as written here; Adobe ColdFusion's
// documentation names it `cfsqltype`. Confirm which one your engine accepts.
var loginSql = "SELECT * FROM users WHERE username=:username AND password=:password";
var data = queryExecute(loginSql, params);
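Use parameters for all user-submitted data to protect against SQL injection. Bound parameters are passed to the database separately from the SQL text, so a submitted value is treated as data and never parsed as part of the statement.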
// Named parameters for the login query. Each entry carries the submitted
// value plus its SQL type, so the driver binds it instead of splicing it
// into the statement.
var params = {
    username: { value: form.username, sqltype: "varchar" },
    password: { value: form.password, sqltype: "varchar" }
};

// The statement text contains only :placeholders; no form data is concatenated.
// NOTE(review): comparing :password in SQL implies the stored value is matched
// directly against what the user typed. Binding prevents injection but says
// nothing about storage; prefer selecting by username and checking a salted
// hash in code. Verify the schema before reusing this pattern.
// NOTE(review): SELECT * hands the password column back to the application;
// name the needed columns instead.
var data = queryExecute("SELECT * FROM users WHERE username=:username AND password=:password", params);