Give me book's number and I give you book's name in my library.

Book's number :
connect_error) { die("Connection failed: " . $conn->connect_error); } //echo "Connected successfully"; if(isset($_POST["submit"])){ $number = $_POST['number']; //I'm the best web developer. //number is too dangerous. I have to do something. if(strchr($number,"'")){ echo "What are you trying to do?
"; echo "Awesome hacking skillzz
"; echo "But you can't hack me anymore!"; exit; } $query = "SELECT bookname,authorname FROM books WHERE number = $number"; $result = mysqli_query($conn,$query); if (!$result) { //Check result $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $query; die($message); } while ($row = mysqli_fetch_assoc($result)) { echo "
"; echo $row['bookname']." ----> ".$row['authorname']; } if(mysqli_num_rows($result) <= 0) echo "0 result"; } ?>