A very important function to use when receiving the login data is addslashes, because it prevents you from being a victim of SQL injection: it puts a \ before each quotation mark, helping to protect you from SQL injection. For example:
$email = addslashes($_POST['email']);
$senha = addslashes($_POST['senha']);
Detailed information: addslashes
For example, if you do not use addslashes, the user can type this in the password field and send it to you: ' or '1'='1. Then, when you run your query, it will look like this:
SELECT email,senha FROM usuarios WHERE email='qualquer coisa' AND senha='' or '1'='1'
And so he is able to access your session, but with addslashes you are safe from this.
Example using addslashes:
SELECT email,senha FROM usuarios WHERE email='qualquer coisa' AND senha='\' or \'1\'=\'1'
This will cause an error in the query, but it will not give access to your information.
OK. I voted to close.
– Joao Paulo
It excludes my answer. I couldn’t give a good answer, so I couldn’t give it. And now I also saw that it’s a possible duplicate.
– Emerson Rocha
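
An added example, not part of the answer above: the same login lookup written with a PDO prepared statement, so the submitted email and password are bound as data instead of being concatenated into the SQL text, and the password is checked against a stored hash. The in-memory SQLite database, the sample account and the login() helper are assumptions made for this example; the table and column names follow the answer's query.

```php
<?php
// Added example, not the answer author's code. The usuarios table and its
// columns follow the answer's query; the database and sample row are constructed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE usuarios (email TEXT PRIMARY KEY, senha TEXT NOT NULL)');

// Store a password hash, never the plain password (constructed sample account).
$insert = $pdo->prepare('INSERT INTO usuarios (email, senha) VALUES (:email, :senha)');
$insert->execute([
    ':email' => 'ana@example.com',
    ':senha' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

// Hypothetical helper: returns true only for a known email with a matching password.
function login(PDO $pdo, string $email, string $senha): bool
{
    // The placeholder keeps user input out of the SQL text entirely, so quotes
    // in $email are compared as ordinary characters and never parsed as SQL.
    $stmt = $pdo->prepare('SELECT senha FROM usuarios WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched; the password itself
    // never reaches the query and is verified against the stored hash in PHP.
    return is_string($hash) && password_verify($senha, $hash);
}

// Constructed inputs: one valid login, then the string from the answer sent
// in the password field and in the email field.
$attempts = [
    ['ana@example.com', 'correct horse'],
    ['ana@example.com', "' or '1'='1"],
    ["qualquer coisa' or '1'='1", 'anything'],
];

foreach ($attempts as [$email, $senha]) {
    printf("%-28s => %s\n", $email, login($pdo, $email, $senha) ? 'accepted' : 'rejected');
}
```

With a MySQL database the same code applies after changing the DSN; setting PDO::ATTR_EMULATE_PREPARES to false makes the driver use server-side prepared statements.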