$query = "SELECT user,pass FROM login WHERE user='$username' AND The most easiest way to prevent SQL Injection Attacks in PHP is to use 'Prepared .