The OP has posted some code in another topic:-
And I think there is some room for improvement, security-wise.
I’ll paste it here for easy viewing.
<?php mysql_connect("localhost", "user", "password"); mysql_select_db("jixcov"); if(isset($_POST['submit'])) { $username = $_POST['username']; $check_username = mysql_query("SELECT * FROM users WHERE USERNAME='$username'"); $numrows = mysql_num_rows($check_username); if($numrows != 1){ echo('That user does not exist!'); } else { echo('That user exists'); } } ?>``
``
The first point, you are using the now obsolete mysql functions, these are no longer supported in PHP and have been replaced by the better, more secure, mysqli and PDO which have been mentioned already.
Next, you are not sanitising user input, as mentioned
$username = $_POST['username'];
You could use preg_replace or the filter functions to do that.
Then the unsanitised data is inserted directly into an SQL query, ripe for an injection. With PDO or mysqli you could use a prepared statement as an extra line of defence.