Escaping is the word
You must prevent users from entering characters that are mainly used in DB queries.
I will give you an example of how the process is done.
You have a simple DB query like:

    SELECT * FROM Accounts WHERE Name = 'badguy4you'
If you let users enter the ' symbol, they can exploit it to get other information, like turning the above query into something like:

    SELECT * FROM Accounts WHERE Name = 'badguy4you' AND Age = '31'
So you can simply do escaping on any user input [that interferes with the DB] to prevent this exploit.
This is just a brief for you; of course you can find a lot on the internet, JUST GOOGLE IT!
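The exploit and the escaping described above, as an added example that is not part of the original post: it runs the post's query three ways against a constructed in-memory SQLite table, once with the input pasted in unescaped, once with the single quote doubled (the escaping the post recommends), and once as a parameterized query (an assumed alternative the post does not mention). The table, rows and function names are all constructed for this example.

```python
import sqlite3

# Constructed sample data (not from the original post): an in-memory
# Accounts table so the example runs offline.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Accounts (Name TEXT, Age INTEGER)")
    conn.executemany("INSERT INTO Accounts VALUES (?, ?)",
                     [("badguy4you", 31), ("alice", 27), ("bob", 44)])
    return conn

def lookup_unsafe(conn, name):
    # Vulnerable: the user-supplied name is pasted straight into the query,
    # so a single quote in the input changes the query's structure.
    sql = "SELECT Name FROM Accounts WHERE Name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def escape_quotes(value):
    # Escaping as the post describes: in SQL a literal single quote inside a
    # string is written as two single quotes, so doubling every ' keeps the
    # whole input inside the string literal.
    return value.replace("'", "''")

def lookup_escaped(conn, name):
    sql = "SELECT Name FROM Accounts WHERE Name = '" + escape_quotes(name) + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, name):
    # Assumed alternative: the driver sends the value separately from the
    # query text, so no character in the input is ever parsed as SQL.
    rows = conn.execute("SELECT Name FROM Accounts WHERE Name = ?", (name,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    # The input that turns the post's first query into its second one.
    probe = "badguy4you' AND Age = '31"
    # Unsafe: the row comes back only when the guessed age is right, so the
    # query leaks the account's age one guess at a time.
    print(lookup_unsafe(db, probe))
    print(lookup_unsafe(db, "badguy4you' AND Age = '30"))
    # Escaped and parameterized: the whole input is compared as a name, no match.
    print(lookup_escaped(db, probe))
    print(lookup_parameterized(db, probe))
```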