Sanitizing MySQL user parameters

攒了一身酷 2021-01-06 09:50

What are the dangerous characters that should be replaced in user input when the user's input will be inserted in a MySQL query? I know about quotes, double quotes, \r and

2 answers
  •  温柔的废话
    2021-01-06 10:37

    What languages do you need to support? It is much better to use a language's built-in sanitization than to write your own.

    Edit: Looking at mysql_real_escape_string on php.net:

    mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
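As an added example (not code from the thread or from php.net), the block below spells out the escaping rule quoted in the answer and places it next to the parameterized-query approach the answer recommends over hand-written sanitization. The `MYSQL_ESCAPES` table is built from the seven characters listed above and the backslash sequences MySQL string literals use for them; `sqlite3` stands in for a MySQL driver only to show placeholders working offline (assumption: a real MySQL DB-API driver behaves the same but uses `%s` placeholders), and the user rows are constructed sample data.

```python
# Added example: reference escaping for the characters the answer lists,
# beside the parameterized query that avoids hand-rolled escaping entirely.
import sqlite3

# Characters mysql_real_escape_string is documented to prefix with a
# backslash, mapped to the escape sequences MySQL string literals accept.
MYSQL_ESCAPES = {
    "\x00": "\\0",   # NUL
    "\n": "\\n",
    "\r": "\\r",
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\x1a": "\\Z",   # Ctrl-Z, which ends files on Windows
}


def mysql_escape(value: str) -> str:
    """Escape a string for use inside a quoted MySQL literal.

    Mirrors the character list from the answer. Unlike the real library
    function it knows nothing about the connection's character set, which is
    one reason to prefer the driver's own escaping or, better, placeholders.
    """
    return "".join(MYSQL_ESCAPES.get(ch, ch) for ch in value)


def build_literal_query(username: str) -> str:
    """String-building approach: the escaped value is spliced into SQL text."""
    return "SELECT id FROM users WHERE name = '%s'" % mysql_escape(username)


def lookup_with_params(username: str) -> list:
    """Parameterized approach: the value never becomes part of the SQL text.

    sqlite3 is used here as an offline stand-in for a MySQL driver (assumption:
    the placeholder mechanism is the same, MySQL drivers use %s instead of ?).
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    # Constructed sample rows; the second one contains a single quote.
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("o'brien",)])
    rows = conn.execute("SELECT id FROM users WHERE name = ?",
                        (username,)).fetchall()
    conn.close()
    return [row[0] for row in rows]


if __name__ == "__main__":
    print(build_literal_query("o'brien"))
    print(lookup_with_params("o'brien"))
```

Running it shows the escaped literal `'o\'brien'` in the string-built query and the same name matched by the placeholder query without any escaping at all. Note that the PHP `mysql_*` extension the answer quotes was removed in PHP 7.0; the same advice applies to `mysqli_real_escape_string()` and, preferably, to prepared statements in `mysqli` or PDO.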
