I am writing some code but want to make sure I don't make the mistake of keeping it open to hacks. What should I look for to make sure that it's not possible to use SQL injections?
Thanks. So if I use mysql_real_escape_string(variable) in PHP and check the var type when, for instance, it should be an integer, not allowing anything else, it's covering most of the risks?
No, I don't think that will do it. Basically mysql_real_escape_string(variable) seems to handle the proper escaping of special characters, like new lines and stuff. I don't know how that helps you in this case. See #8 at http://www.securiteam.com/securityreviews/5DP0N1P76E.html
What about the general PHP addslashes? Just escape text content with slashes, and check numerical values for the right format.
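
An added example, not part of any post in this thread: the integer check and the escaping question discussed above, shown in PHP with PDO bound parameters, where values are sent separately from the SQL text. The in-memory SQLite table, the requireInt helper and the sample inputs are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: constructed table and inputs, in-memory SQLite through PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Constructed values standing in for request parameters such as $_GET['id'].
$rawId   = '1 OR 1=1';
$rawName = "bob' OR 'x'='x";

// Escaping only matters inside a quoted SQL string. $rawId contains no quote
// or backslash, so addslashes() hands it back unchanged; placed unquoted in
// "WHERE id = ..." it would still be read as SQL. Hence the type check.
echo 'addslashes changed the id value: ';
var_dump(addslashes($rawId) !== $rawId);

// Hypothetical helper: accept only a whole number, reject everything else.
function requireInt($value): int
{
    $int = filter_var($value, FILTER_VALIDATE_INT);
    if ($int === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    return $int;
}

try {
    requireInt($rawId);
} catch (InvalidArgumentException $e) {
    echo 'rejected id: ', $e->getMessage(), "\n";
}

// Bound parameters: the SQL text is fixed, and the values are passed as data.
// The name is compared as one literal string, quotes included.
$stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id OR name = :name');
$stmt->bindValue(':id', requireInt('2'), PDO::PARAM_INT);
$stmt->bindValue(':name', $rawName, PDO::PARAM_STR);
$stmt->execute();
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));
```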