How do you prevent SQL injection in LAMP applications?

隐瞒了意图╮ 2020-12-20 16:31

Here are a few possibilities to get the conversation started:

  1. Escape all input upon initialization.
  2. Escape each value, preferably when generating the
5 Answers
  •  被撕碎了的回忆
    2020-12-20 17:11

    I would go with using prepared statements. If you want to use prepared statements, you probably want to check out the PDO functions for PHP. Not only does this let you easily run prepared statements, it also lets you be a little more database agnostic by not calling functions that begin with mysql_, mysqli_, or pgsql_.
