http://www.fullstackprep.dev/articles/webd/sql/prevent-sql-injection