Lab 2: SQL Injection Prevention

Vulnerable Code (Simulated)

/**
 * Lab exhibit: the deliberately vulnerable login lookup.
 *
 * Builds the SQL text by interpolating both arguments into a template
 * literal and passes the finished string to executeQuery.
 *
 * @param {string} username - Caller-supplied user name, inserted verbatim.
 * @param {string} password - Caller-supplied password, inserted verbatim.
 * @returns {*} Whatever executeQuery returns for the assembled statement.
 */
function loginUser(username, password) {
    // Neither value is escaped or bound, so the input is parsed as part of
    // the statement: a single quote closes the string literal and whatever
    // follows becomes SQL. The classic example is: admin' OR '1'='1' --
    const sql = `SELECT * FROM users 
                   WHERE username = '${username}' 
                   AND password = '${password}'`;
    const result = executeQuery(sql);
    return result;
}

Secure Code (Simulated)

/**
 * Lab exhibit: the parameterized counterpart of the login lookup.
 *
 * The SQL text is a constant containing two `?` placeholders; the caller's
 * values travel separately, as an array, to executeSecureQuery.
 *
 * @param {string} username - Caller-supplied user name, sent as a parameter.
 * @param {string} password - Caller-supplied password, sent as a parameter.
 * @returns {*} Whatever executeSecureQuery returns.
 */
function loginUserSecure(username, password) {
    // The statement text never contains user input, so quotes or comment
    // markers in the values cannot change its structure.
    const sql = `SELECT * FROM users 
                   WHERE username = ? 
                   AND password = ?`;
    const params = [username, password];
    // executeSecureQuery is not shown on this page; the protection holds only
    // if it binds the values through the driver's prepared-statement API
    // instead of substituting them into the text. Verify before reuse.
    // NOTE(review): matching the password in the WHERE clause suggests the
    // column holds a directly comparable value. A production login would
    // normally look the row up by username and verify a salted password hash
    // in application code. Confirm how this lab stores passwords.
    return executeSecureQuery(sql, params);
}

ทดสอบ SQL Injection Protection