Injection principle:
1. Normal SQL:
select * from example where name = 'wnj'
2. Inject into the query: replace wnj with wnj' or '1=1
The generated statement is select * from example where name = 'wnj' or '1=1'
3. Inject a delete: replace wnj with wnj'; delete from example where '1'='1
The generated statement is select * from example where name = 'wnj'; delete from example where '1'='1'
An extra delete statement is executed, and the data in the table is gone.
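The three cases above, as an added example that is not part of the original page: it builds the statement by string concatenation, then runs the same inputs through a bound parameter. It assumes Python's sqlite3 module and an in-memory table with constructed rows; the function names are hypothetical, and executescript stands in for a driver that accepts several statements in one call.

```python
import sqlite3

def make_db():
    """In-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("create table example (name text)")
    db.executemany("insert into example values (?)",
                   [("wnj",), ("alice",), ("bob",)])
    return db

def build_unsafe(name):
    # Vulnerable: the input is pasted into the SQL text, so a quote
    # inside it ends the string literal and the rest is parsed as SQL.
    return "select * from example where name = '" + name + "'"

def find_unsafe(db, name):
    return db.execute(build_unsafe(name)).fetchall()

def run_unsafe_multi(db, name):
    # Models a driver that accepts several statements in one call.
    db.executescript(build_unsafe(name))

def find_safe(db, name):
    # Bound parameter: the value travels separately from the SQL text
    # and is only ever compared as data.
    return db.execute("select * from example where name = ?",
                      (name,)).fetchall()

def count(db):
    return db.execute("select count(*) from example").fetchone()[0]

if __name__ == "__main__":
    query_input = "wnj' or '1=1"
    delete_input = "wnj'; delete from example where '1'='1"
    db = make_db()
    print(build_unsafe(query_input))
    print(len(find_unsafe(db, query_input)), "rows via concatenation")
    print(len(find_safe(db, query_input)), "rows via bound parameter")
    find_safe(db, delete_input)
    print(count(db), "rows left after bound-parameter lookup")
    run_unsafe_multi(db, delete_input)
    print(count(db), "rows left after concatenated stacked statement")
```

Whether the second statement in case 3 runs depends on the driver: sqlite3's execute() rejects a string containing more than one statement, which is why the example needs executescript to reproduce it.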
Prevention: