sql injection email login bypass

This sql query:-SELECT * FROM users WHERE login='admin' AND password='1' OR '1'='1'; evaluates to SELECT * FROM users WHERE login='admin' AND TRUE. norton login in so it will select rows where login column value is admin It can be used to bypass the login It has a serious SQL injection vulnerability Its better to use Prepared Statement