
Untitled

a guest
Jul 19th, 2017
login procedure

The query in PHP:
    SELECT COUNT(*)
      FROM somewhere
     WHERE username = '$username'
       AND password = '$password'


--- the normal login attempt

URL in the browser:
/code/inlog.php?username=Skip&password=veilig

The query is then:
    SELECT COUNT(*)
      FROM somewhere
     WHERE username = 'Skip'
       AND password = 'veilig'


--- the hack attempt...

URL in the browser:
/code/inlog.php?username=Skip&password=' OR ''='

The query is then:
    SELECT COUNT(*)
      FROM somewhere
     WHERE username = 'Skip'
       AND password = '' OR ''=''    (this is always TRUE: AND binds before OR, so the trailing ''='' matches every row)
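
Added example (not part of the original paste): the concatenated query from above next to a prepared-statement version, run against the same three login attempts. The in-memory SQLite table, its sample row and the function names login_concat and login_prepared are assumptions made for the demonstration.

```php
<?php
// Constructed in-memory table standing in for the paste's "somewhere".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE somewhere (username TEXT PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO somewhere VALUES ('Skip', 'veilig')");

// Vulnerable: the request values become part of the SQL text, as in the paste.
function login_concat(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT COUNT(*) FROM somewhere
             WHERE username = '$username' AND password = '$password'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened: placeholders keep the values as data, so a quote character
// inside them is compared literally and never parsed as SQL.
function login_prepared(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM somewhere
                           WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $username, ':p' => $password]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed attempts: correct password, wrong password, the paste's input.
$attempts = [['Skip', 'veilig'], ['Skip', 'wrong'], ['Skip', "' OR ''='"]];
foreach ($attempts as [$u, $p]) {
    printf("%-12s concat=%-5s prepared=%s\n", $p,
        var_export(login_concat($db, $u, $p), true),
        var_export(login_prepared($db, $u, $p), true));
}
```

A production login would also store a password hash and check it with password_verify() instead of comparing a plaintext password inside the query.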