Dec 312009
How to avoid SQL injection in PHP?
Answer:
The easiest method is to use the mysql_real_escape_string function
Example:
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
Reference: http://php.net/manual/en/function.mysql-real-escape-string.php