Anti-SQL Injection Function

Here are an example about PHP/MySQL Anti-SQL Injection:

function cleanuserinput($dirty){
 if (get_magic_quotes_gpc()) {
  $clean = mysql_real_escape_string(stripslashes($dirty));
 }else{
  $clean = mysql_real_escape_string($dirty);
 }
 return $clean;
}
// Now the data $clean can be used for MySQL DB operation.

Following things can be done for preventing your PHP Form from Hijacking

1. Make register_globals to off to prevent Form Injection with malicious data. 2. Make Error_reporting to E_ALL (in php script: error_reporting(E_ALL) at the top) so that all variables will be intialized before using them. 3. Make practice of using htmlentities(), htmlspecialchars(), strip_tags(), utf8_decode() and addslashes() for filtering malicious data in php 4. Make practice of using mysql_real_escape_string() in mysql.