This question already has an answer here:
- How can I prevent SQL injection in PHP? 28 answers
Now my query, SP is breaking if I enter
ssds ' " ' sdsds
' " '
This is mainly for search functionality.
Which will be the best way to avoid all possibilities?
E.g. str_replace or better ways... write some function!
You didn't mention which DBMS, so I'm assuming MySQL here.
The best way would be to use PDO and/or prepared statements. The next best way would be to use mysql_real_escape_string() if you are using the procedural API.
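An added example (not part of the original question or answer) of the prepared-statement approach applied to a search box, run against the exact input from the question. The `articles` table, its `title` column and the `searchArticles()` helper are hypothetical, and an in-memory SQLite database is assumed so the script runs offline; with MySQL only the PDO DSN changes.

```php
<?php
// Added example: hypothetical table and helper names, constructed sample rows.
// SQLite in-memory keeps it self-contained; for MySQL swap the DSN for a
// 'mysql:host=...;dbname=...;charset=utf8mb4' one and set
// PDO::ATTR_EMULATE_PREPARES => false to get server-side prepares.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

// Constructed sample data, including the string that broke the original query.
$seed = $pdo->prepare('INSERT INTO articles (title) VALUES (:title)');
foreach (["plain title", "ssds ' \" ' sdsds", "100% done", "1000 done"] as $title) {
    $seed->execute([':title' => $title]);
}

/**
 * Substring search. The term is bound as a parameter, so quotes in it are
 * data and never reach the SQL parser as syntax.
 */
function searchArticles(PDO $pdo, string $term): array
{
    // Binding stops injection, but % and _ are still LIKE wildcards.
    // Escape them (and the escape character itself) so the term matches
    // literally. '!' is used because it is not special in string literals
    // on either MySQL or SQLite.
    $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);

    $stmt = $pdo->prepare(
        "SELECT id, title FROM articles WHERE title LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => '%' . $literal . '%']);
    return $stmt->fetchAll();
}

// The input from the question: no syntax error, one matching row.
print_r(searchArticles($pdo, "ssds ' \" ' sdsds"));

// Wildcard check: matches "100% done" only, not "1000 done".
print_r(searchArticles($pdo, "100%"));

// A classic injection string is just an unmatched search term: empty result.
print_r(searchArticles($pdo, "' OR '1'='1"));
```

No `str_replace` on quotes is needed at any point; the only string handling left is the LIKE wildcard escaping, which is a matching concern rather than an injection defence.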