How to prevent SQL injection attacks
To reduce the risk of SQL injection attacks follow below steps
1. Use input validation via function such as MySQL's mysql_real_escape_string() to ensure that any dangerous characters such as ' are not passed to a SQL query in data. Sanitize everything by filtering user data. For example,email addresses should be filtered to allow only the characters allowed in an e-mail, phone numbers should be filtered to allow only the digits.
2. Don't construct queries with user input. Use parameterized queries, prepared statements and stored procedures whenever possible.
3.Hackers can get an idea about database architecture from error messages, so ensure that they display minimal information.
4.Make developers responsible for checking the code and fixing security flaws in applications before the software is delivered.