PHP protection of GET parameters

Question

OK consider this url:

example.com/single.php?id=21424

It\'s pretty obvious to you and i that the PHP is going to take the id and run it thr

Answer 1

Of course, never ever ever consider a user entry (_GET, _POST, _COOKIE, etc) as safe.

Use mysql_real_escape_string php function to sanitize your variables: http://php.net/manual/en/function.mysql-real-escape-string.php

About SQL injections : http://en.wikipedia.org/wiki/SQL_injection