Kevin Smith

While I'm most certainly no expert on the subject of mysql injection attacks, I do know that, unless you have a ton of valuable information stored in your database, the "hype" of attack prevention is just that: hype. Most scriptkiddies aren't going to waste their time pulling junk information from your database (and besides, you should have a cron job setup to do automatic backups of your databases on a regular basis.

This is all my personal opinion, of course. Any of my sites could suffer possible attack tonight...I wouldn't worry too much about it. Just simply restore the most recent backup and THEN work on prevention (I don't have anything that crucial stored in vulnerable databases)...

Despite the above, here's a very basic php function to possibly deter or prevent an sql injection attack: