sql injection login example

This sql query:-SELECT * FROM users WHERE login='admin' AND password='1' OR '1'='1'; evaluates to SELECT * FROM users WHERE login='admin' AND TRUE. vtoto 88 login so it will select rows where login column value is admin. vtoto 88 login It can be used to bypass the login It has a serious SQL injection vulnerability Its better to use Prepared Statement