How do you prevent SQL injection in LAMP applications?

Backend · unresolved · 5 answers · 1094 views
隐瞒了意图╮ 2020-12-20 16:31

Here are a few possibilities to get the conversation started:

  1. Escape all input upon initialization.
  2. Escape each value, preferably when generating the
5 answers
  •  生来不讨喜
    2020-12-20 16:59

    PDO may be worth it some day, but it's not just there yet. It's a DBAL and its strength is (supposedly) to make switching between vendors easier. It's not really built to catch SQL injections.

    Anyhow, you want to escape and sanitize your inputs; using prepared statements could be a good measure (I second that). Although I believe it's much easier, e.g. by utilizing filter.
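The two measures this answer mentions, prepared statements and the filter extension, as an added PHP example that is not code from the original thread. It shows the string-concatenated query beside its mysqli prepared-statement form (the vulnerable function is defined only for contrast and never called), an allow-list for the parts of a query that placeholders cannot bind, and filter_input validating an integer id before it is bound. The `users` table, its columns `id`, `name`, `created_at`, and the connection credentials are assumptions.

```php
<?php
// Added example, not code from the original thread. Assumes a `users` table
// with columns id, name, created_at and placeholder connection credentials.

$db = new mysqli('localhost', 'app', 'secret', 'appdb');
// Set the charset on the connection itself: escaping with a charset other
// than the one the server uses is a classic bypass of escaping-based fixes.
$db->set_charset('utf8mb4');

// VULNERABLE: the value is spliced into the SQL text, so a name such as
// "x' OR '1'='1" rewrites the WHERE clause. Shown for contrast only.
function findUserVulnerable(mysqli $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

// FIXED: the statement text is sent to the server first and the value is
// bound afterwards, so the value can never change the statement's structure.
// (get_result() requires the mysqlnd driver, the default in modern PHP.)
function findUser(mysqli $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Placeholders bind values only. Identifiers and keywords (the column to sort
// by, ASC/DESC) cannot be bound, so they are checked against an allow-list
// before being interpolated; the LIMIT value is still bound normally.
function listUsersSorted(mysqli $db, string $column, string $dir, int $limit = 50): array
{
    $allowedColumns = ['id', 'name', 'created_at'];
    if (!in_array($column, $allowedColumns, true)) {
        throw new InvalidArgumentException("unknown sort column: $column");
    }
    $dir = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';
    $stmt = $db->prepare("SELECT id, name FROM users ORDER BY `$column` $dir LIMIT ?");
    $stmt->bind_param('i', $limit);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Validation with the filter extension is a separate layer: it rejects
// malformed input early, but it does not replace binding, because a
// syntactically valid string can still contain quotes.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('invalid id');
}
$stmt = $db->prepare('SELECT id, name FROM users WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
print_r($stmt->get_result()->fetch_all(MYSQLI_ASSOC));

print_r(findUser($db, $_GET['name'] ?? ''));
print_r(listUsersSorted($db, $_GET['sort'] ?? 'id', $_GET['dir'] ?? 'asc'));
```

Request it as `?id=7&name=alice&sort=created_at&dir=desc`; a value like `name=x' OR '1'='1` is simply looked up as a literal name, while `sort=name;DROP TABLE users` is rejected by the allow-list before it ever reaches the query text.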
