SQL injection in a login form


This SQL query: SELECT * FROM users WHERE login='admin' AND password='1' OR '1'='1'; evaluates to SELECT * FROM users WHERE login='admin' AND TRUE, so it will select rows where the login column value is admin. It can be used to bypass the login. The form has a serious SQL injection vulnerability. It is better to use a prepared statement.
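The query above built by string concatenation, next to the prepared-statement form, as an added example that is not code from the original page. It assumes Python's sqlite3 module, an in-memory users table with constructed rows, and hypothetical function names.

```python
import sqlite3

# The password-field value that produces the query quoted on the page.
PAYLOAD = "1' OR '1'='1"


def make_db():
    # Constructed sample data. Plaintext passwords only mirror the page's
    # query; a real system stores password hashes.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "s3cret-admin"), ("alice", "alice-pw")],
    )
    return conn


def login_concatenated(conn, login, password):
    # Vulnerable: form input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    query = ("SELECT * FROM users WHERE login='" + login +
             "' AND password='" + password + "'")
    return query, conn.execute(query).fetchall()


def login_prepared(conn, login, password):
    # Hardened: the SQL text is fixed and the values are bound as parameters,
    # so the payload is compared as a literal password string.
    query = "SELECT * FROM users WHERE login=? AND password=?"
    return conn.execute(query, (login, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    sql, rows = login_concatenated(db, "admin", PAYLOAD)
    # The trailing OR '1'='1' lets the WHERE clause match without the
    # real password.
    print(sql)
    print("concatenated:", rows)
    print("prepared:    ", login_prepared(db, "admin", PAYLOAD))
```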
