This is a very quick tutorial to help people avoid SQL injection in their PHP scripts. It is all too common for people to write PHP scripts without considering that someone could easily inject malicious SQL code that could wreak havoc on an entire Web site.
To put it very simply, for those of you who don’t know what SQL injection is: it’s basically sending SQL code through a script’s input so that the query executes unintended commands. Some very good examples of SQL injection can be found in the Wikipedia article.
Here are a few very quick tips to help you avoid SQL injection. Of course, nothing is foolproof, but this should take you a long way.