What is "sql-injection"
The SQL injection, better known by the American term SQL Injection, is a type of security threat that takes advantage of failures in systems that interact with databases via SQL. SQL injection occurs when the attacker is able to insert a series of SQL statements within a query (query) by manipulating the data entries of an application.
Unfortunately the overwhelming majority of the questions you have here query are subject to this type of attack, and some responses say nothing about it, in a way encourage people to keep making this mistake. So be careful what you read, you may be being induced to do something wrong and serious. Your server may be hacked and you don’t even know.
We have questions here that we can consider as canonical and reading them will learn a lot of what you need to solve your problem: