//Function for sql injection
function sqlInjection($data){
$data = stripslashes($data);
$date = mysqli_real_escape_string($data);
return $data;
}
USAGE
// To protect MySQL injection
$email = sqlInjection($email);
$password = sqlInjection($password);
$sql="SELECT * FROM users WHERE email='$email' and password='$password'";
$result=mysqli_query($con,$sql);