diff --git a/login.php b/login.php
index 1be36e72..530c0073 100644
--- a/login.php
+++ b/login.php
@@ -16,7 +16,7 @@ if(isset($_POST['login'])){
   
   $email = mysqli_real_escape_string($mysqli,$_POST['email']);
   $password = md5(mysqli_real_escape_string($mysqli,$_POST['password']));
-  $current_code = $_POST['current_code'];
+  $current_code = mysqli_real_escape_string($mysqli,$_POST['current_code']);
 
   $sql = mysqli_query($mysqli,"SELECT * FROM users WHERE email = '$email' AND password = '$password'");