mamiwinsfall93/SQL injection Mitigation

## SQL injection Mitigation
<?php
if(isset($_POST['submit'])){
$name_bad = $_POST['name'];

$name_bad = mysql_real_escape_string($name_bad);

$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
echo "<span style='color:green'>Escaped Bad Injection: <br />" . $query_bad . "<br />";
echo "mysql_real_escape_string() function has helped escape mysql injections<br><br></span>";
}

?>

<form method="post">
<label>Please Insert 'OR 1' (with single quotes as it is i.e. 'OR 1') </label><br>
	<input type="text" name="name"><br>
	<input type="submit" name="submit" value="submit">
</form>
	<?php
	if(isset($_POST['submit'])){
	$name_bad = $_POST['name'];

	$name_bad = mysql_real_escape_string($name_bad);

	$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
	echo "<span style='color:green'>Escaped Bad Injection: <br />" . $query_bad . "<br />";
	echo "mysql_real_escape_string() function has helped escape mysql injections<br><br></span>";
	}

	?>

	<form method="post">
	<label>Please Insert 'OR 1' (with single quotes as it is i.e. 'OR 1') </label><br>
	<input type="text" name="name"><br>
	<input type="submit" name="submit" value="submit">
	</form>