Input Validation

xonic

I'd like to create a user area for my website, but im running into the potential security problem that my forms (user and password) may inadvertantly be used w/ a malicious SQL query (e.g: instead of username="bob" it's username="DELETE * FROM ... ; ".
Could someone point me in the right direction, maybe to a abstraction layer or a input validation tutorial so i can make sure no malicious use will come of this?
      -Thanks :)

Anon

As far as i'm aware, daul or breakable commands (using semicolons) will just result in an error with mysql_query() i.e.. someone cannot break out of your current sql statement and execute a new statement without mysql erroring. You can simply str_replace any quotations or semicolons if you're really paranoid about it however.

Anon

Just wondering:

username= "); mysql_query("delte....."); ?

Anon

Nope, data inputted from browsers into a variable (even if it has quotations) are escaped, so " becomes \"