CREATE TABLE users (
username VARCHAR(32) CHARACTER SET GBK,
password VARCHAR(32) CHARACTER SET GBK,
PRIMARY KEY (username)
);
$db = mysqli_init();
$db->real_connect('localhost', 'username', 'password', 'database');
$db->query('SET NAMES gbk');
$_POST['username'] = chr(0x87)."' OR username = username -- ";
$username = addslashes($_POST['username']);
$sql = "SELECT *
FROM users
WHERE username = '{$username}'";
$res = $db->query($sql);
if ($res->num_rows) {
echo 'success';
} else {
echo 'fail';
}