Secure Web Panel From SQL Injection

We can get admin access by using these strings.Username:|' or 1=1 limit 1 -- -+  |Password:|' or 1=1 limit 1 -- -+  |We have to find post data directory of username and password.

The easy method is to find post data dir: Goto admin/index.php and note which PHP page you used to post admin data.Query of form will as: <form method="POST" action="login_check.php" name="form" >Login_check.php (Might be changed on your own) is form of posting user data.Now we have to go login_check.php to find dir of user data like username and password.Query will as :$username=$_POST['username'];$password=$_POST['password'];Now it's simple to add little query at post data dir.Quer is : mysql_real_escape_string(htmlspecialchars(      ----(For username)mysql_real_escape_string(htmlspecialchars(md5(  ----(For password)After adding query to data dir script will as :$username = mysql_real_escape_string(htmlspecialchars($_POST['username']));$password = mysql_real_escape_string(htmlspecialchars(md5($_POST['password'])));After adding this little query admin page can't bypass. Page will give you an error message.Error: Please enter correct detail!  (Might Be Your's Own)