send data with more security




To avoid having that kind of problems, you should check that every value the user can enter responds to the data you are expecting (i.e. a numeric field has only numbers and such). That can be done with js, although it is not advisable to rely only on js.

Besides, using mysql_real_escape_string() for every post data to escape (i.e. put a slash before) certain characters will take control of sql attacks as far as i know.

I use both js and mysql_real_escape_string(). Also, i check every query for the validity of the results (if i am expecting the query to return something and it doesn't return anything, i quit the application, for example).

Well, there are many routines to check for fields. For example, you can use isNaN(field.value) to check whether it is a numeric value or not. I am not a js expert, so i suggest posting js problems in the appropriate forum.