Review the code and determine is SQL Injection is a problem. Describe specifically how you

would test to see if SQL injection was a problem. For example, show exactly what you would

input into the form fields to determine if SQL injection was a problem. Discuss the code issues

pointing to where the SQL injection could happen. $(30$ points$)$

$conn $=$ getDB$()$;

$sql $=$ "SELECT id$,$ firstname, lastname, salary, birth, ssn$,$

phonenumber, address, email, nickname, Password

FROM data

WHERE id$=\text{'}$$input$\_$id$\text{'}$ and password$=\text{'}$$input$\_$pwd$\text{'}"$;

$result $=$ $conn$->$query$($$sql$))$