Preventing SQL injections
August 10th, 2010 by editor
First of all, never trust user input: make sure that every piece of user input has been escaped before it reaches a query. Escaping adds a backslash before special characters such as single quotes, which tells the SQL server that the character is part of the data being entered into the database and not part of the SQL code. A number of programming languages provide a function for adding backslashes to a string, such as PHP's "addslashes." You must also not let a user learn your database layout, and you should keep member privileges in a separate table from member information. Together, these measures clearly reduce the possibility of SQL injection.
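As an added example that is not part of the original post, the following Python script (standard sqlite3 module, in-memory database, constructed sample rows) compares three ways of handling a member name that contains a single quote: pasting it straight into the SQL text, backslash-escaping it the way the post describes, and passing it as a query parameter.

```python
import sqlite3


def make_db():
    """Constructed sample data (not from the post): three members, one with a quote in the name."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO members (name) VALUES (?)",
                     [("alice",), ("O'Brien",), ("bob",)])
    return conn


def addslashes(s):
    """Python equivalent of PHP's addslashes(): backslash before ' \" \\ and NUL."""
    out = []
    for ch in s:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


def find_by_name_concat(conn, name):
    """Vulnerable pattern: user input pasted directly into the SQL text."""
    sql = "SELECT id FROM members WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_escaped(conn, name):
    """Backslash escaping as the post describes. Only correct on servers that
    treat a backslash as an escape inside string literals (MySQL does; SQLite does not)."""
    sql = "SELECT id FROM members WHERE name = '" + addslashes(name) + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_param(conn, name):
    """Parameterised query: the value travels separately from the SQL text,
    so a quote inside it can never be read as SQL syntax."""
    return [row[0] for row in conn.execute(
        "SELECT id FROM members WHERE name = ?", (name,))]


def demo(name="O'Brien"):
    """Run all three lookups on the same input; an error string marks a query the server rejected."""
    conn = make_db()
    results = {}
    for label, fn in (("concat", find_by_name_concat),
                      ("escaped", find_by_name_escaped),
                      ("param", find_by_name_param)):
        try:
            results[label] = fn(conn, name)
        except sqlite3.Error as e:
            results[label] = "error: " + str(e)
    return results
```

Because SQLite follows standard SQL, where a backslash has no special meaning in a string literal, the escaped query fails here exactly like the unescaped one while the parameterised query returns the right row. That server-dependence is why the parameterised form is the one that behaves the same everywhere.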
