Suppose we build an SQL query as follows:
SELECT * FROM user WHERE username = 'username' AND password = 'password'
If we blocked the characters (") and ('), will an attacker ever be able to?
Here is my regex statement:
/["']/ and if there are matches, the request is blocked. I am also trying to avoid using mysqli prepare.
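An added example, not part of the original question: the quote blocklist from the post next to the same lookup done with bound parameters, where quotes in the input are compared as plain data. It uses Python's sqlite3 with an in-memory database standing in for MySQL; the table contents and the function names are constructed for illustration.

```python
import re
import sqlite3

# The filter from the question: any single or double quote blocks the request.
QUOTE_BLOCKLIST = re.compile(r"""["']""")


def blocklist_rejects(value: str) -> bool:
    """True when the question's regex would block this input."""
    return QUOTE_BLOCKLIST.search(value) is not None


def make_db() -> sqlite3.Connection:
    """Constructed sample data. Passwords are plaintext only to mirror the
    query in the question; a real table would hold password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO user VALUES (?, ?)",
        [("alice", "s3cret"), ("O'Brien", 'pa"ss')],
    )
    return conn


def find_user(conn: sqlite3.Connection, username: str, password: str):
    """Look up a user with bound parameters: the SQL text is fixed and the
    values are sent separately, so they can never change the statement."""
    row = conn.execute(
        "SELECT username FROM user WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    # A legitimate name is refused by the blocklist ...
    print("blocklist rejects O'Brien:", blocklist_rejects("O'Brien"))
    # ... but works with bound parameters, quotes included.
    print("bound lookup:", find_user(conn, "O'Brien", 'pa"ss'))
    # Constructed quote-bearing input is just a password that does not match.
    print("quoted input:", find_user(conn, "alice", "x' OR '1'='1"))
```

mysqli offers the same separation of statement and values through prepare() and bind_param().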