sql-injection

perform SQL injection and patch it

$sql="SELECT * FROM Reg_Stud WHERE Username='$var1' AND RegID=$var2 "; This is the code... I tried the input Username = anything' OR 'x'='x, ID = 12 or 1=1; no sign of SQL injection... but when I just give the first argument and end it by commenting out the rest... it gives an SQL error, i.e. anything' OR 'x'='x;-- ...
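For the "patch it" half of the question, here is the query from the post beside a parameterized form, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database; the function names and the two table rows are constructed for illustration.

```php
<?php
// Added example. Assumptions: PDO with the SQLite driver, constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE Reg_Stud (Username TEXT, RegID INTEGER)");
$pdo->exec("INSERT INTO Reg_Stud VALUES ('alice', 12), ('bob', 13)");

// Before: the query from the post, built by interpolating user input.
// (Hypothetical function name.)
function find_student_unsafe(PDO $pdo, string $var1, string $var2): array
{
    $sql = "SELECT * FROM Reg_Stud WHERE Username='$var1' AND RegID=$var2 ";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the same query with placeholders. Bound values are sent as data
// and are never parsed as SQL. (Hypothetical function name.)
function find_student_safe(PDO $pdo, string $var1, string $var2): array
{
    // RegID is numeric, so reject anything that is not a plain integer.
    $regId = filter_var($var2, FILTER_VALIDATE_INT);
    if ($regId === false) {
        return [];
    }
    $stmt = $pdo->prepare(
        "SELECT * FROM Reg_Stud WHERE Username = :username AND RegID = :regid"
    );
    $stmt->bindValue(':username', $var1, PDO::PARAM_STR);
    $stmt->bindValue(':regid', $regId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The two inputs quoted in the post.
$user = "anything' OR 'x'='x";
$id   = "12 or 1=1";

printf("unsafe, inputs from the post: %d row(s)\n",
    count(find_student_unsafe($pdo, $user, $id)));
printf("safe, inputs from the post:   %d row(s)\n",
    count(find_student_safe($pdo, $user, $id)));
printf("safe, legitimate lookup:      %d row(s)\n",
    count(find_student_safe($pdo, 'alice', '12')));
```

The integer check on RegID matters independently of the placeholders: the unquoted `RegID=$var2` position in the original query accepts SQL without any quote character, so escaping quotes alone does not protect it.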