Just make sure they can't close the quotes in a query. Let's say your query is this:
PHP:
$query = "SELECT * FROM `mytable` WHERE `blah`='".$_GET['blee']."'";
If the hacker does something like "hello'yo" for the blee text field, they've just closed out of the quotes, and can run wild. So be sure to replace all the "'" with "\'", and you should be fine.
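An added, runnable illustration of the point above (not code from the original poster). It uses Python with an in-memory SQLite table as a stand-in for the PHP/MySQL query, with two constructed rows. It shows the three cases a practitioner should check: the concatenated query breaking or leaking rows when the input contains a quote, quote-escaping closing that hole only when the value sits inside quotes (SQLite and standard SQL double the quote, `''`; the `\'` form is MySQL-specific), and a parameterised query, which is the fix that does not depend on where the value lands in the statement.

```python
import sqlite3


def make_db():
    """Constructed sample data: two rows, one 'secret' per row, so a leak is visible."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mytable (id INTEGER PRIMARY KEY, blah TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO mytable (blah, secret) VALUES (?, ?)",
        [("hello", "alice-token"), ("other", "bob-token")],
    )
    return conn


def query_concatenated(conn, blee):
    """The vulnerable pattern from the post: the value is glued into the SQL text."""
    sql = "SELECT * FROM mytable WHERE blah='" + blee + "'"
    return conn.execute(sql).fetchall()


def breaks_query(conn, blee):
    """True if the concatenated statement no longer parses (e.g. the poster's hello'yo)."""
    try:
        query_concatenated(conn, blee)
        return False
    except sqlite3.OperationalError:
        return True


def query_escaped(conn, blee):
    """Quote-escaping, SQL-standard style: a lone ' becomes '' inside the literal.
    This only works because the value is known to sit between single quotes."""
    sql = "SELECT * FROM mytable WHERE blah='" + blee.replace("'", "''") + "'"
    return conn.execute(sql).fetchall()


def query_numeric_concatenated(conn, id_text):
    """Same concatenation mistake in a numeric context: there are no quotes to close,
    so quote-escaping would not help here at all."""
    sql = "SELECT * FROM mytable WHERE id=" + id_text
    return conn.execute(sql).fetchall()


def query_parameterized(conn, blee):
    """The right fix: the driver sends the value separately from the SQL text."""
    return conn.execute("SELECT * FROM mytable WHERE blah=?", (blee,)).fetchall()


def query_numeric_parameterized(conn, id_text):
    return conn.execute("SELECT * FROM mytable WHERE id=?", (id_text,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("normal input:", len(query_concatenated(db, "hello")), "row(s)")
    print("hello'yo breaks the statement:", breaks_query(db, "hello'yo"))
    print("tautology leaks every row:", len(query_concatenated(db, "x' OR '1'='1")))
    print("escaping the quote stops that:", len(query_escaped(db, "x' OR '1'='1")))
    print("but not in a numeric context:", len(query_numeric_concatenated(db, "1 OR 1=1")))
    print("parameterised, quoted:", len(query_parameterized(db, "x' OR '1'='1")))
    print("parameterised, numeric:", len(query_numeric_parameterized(db, "1 OR 1=1")))
```

The numeric case is the one escaping-based advice tends to miss: the payload `1 OR 1=1` contains no quote, so there is nothing to replace, yet it returns every row. Parameterisation handles both contexts because the value is never parsed as SQL.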