Hey,
Well I haven't posted something PHP related for quite a few days now so I thought I'd show you something I use in every single script that I write that involves form submissions or URL data.
It is important to escape (sanitize) all data from forms that may be used in a mysql database query.
If you use some other database type, the function can easily be modified.
Place this code at the top of all your pages (maybe via an include):
if(!function_exists(mysql_real_escape_array))
{
function mysql_real_escape_array($t)
{
return array_map("mysql_real_escape_string",$t);
}
}
mysql_real_escape_array($_GET);
mysql_real_escape_array($_POST);
It will automatically sanitize all your $_POST (from forms) and $_GET (URL data) to help prevent SQL injections.
Be aware though, that this is just one precaution you should take when inserting data into a mysql database.