i learnt that sql can be hacked easily with codes called injections, does anybody know how to prevent that using parameters

james's right, sql is just a language... but a system like a web site, who can be hacked... you can also fix this with exclusions, those characters like: / * "... must be excluded

injections normally are done through webpages to confuse the page code to submit nocive sql commands. the prevention will depends on wich programming language you used on your website or program.

Use mysqli_real_escape_string to prevent it from hackers or malicious codes. Peace

It is not SQL that is hacked, but the system that passes the parameters to SQL. SQL injections should be prevented on that level (validating the parameter values, etc.)

how do you do that, you got a link!!?

Preventing SQL injection a brief info for C# coder: https://youtu.be/QKhHkEmv3Kw

Hi, long story short, the usage of parameters ist by itself a way to prevent SQL injection. When you use dynamically generated queries you are opening a breach in your code. There must be further consideration of the top layers handling your access to the data. However, by making sure that you are implementing parameterized queries is being one step ahead of most common vulnerabilities.