sql injection attack prevention with parameterized queries code example
Example: avoid sql injection in password field
$password = mysqli_real_escape_string($conn,md5($_POST['password']));
$password = mysqli_real_escape_string($conn,md5($_POST['password']));