I had to register just to post this. If you have a textbox in a form that interacts with your database in any way, you must sanitize your inputs.
This includes select statements.
E.g., you have a simple search form that generates this query:
select * from items where search_term='findme';
findme was entered into the search box.
How about I enter this into the search box?
findme';drop table items;
The query now becomes:
select * from items where search_term='findme';drop table items;
Bye bye table items and all associated data.
Sanitize your inputs.
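As an added illustration (not part of the original post), here is the concatenated query from the post beside a parameterised version, run against an in-memory SQLite table constructed for the demo. The search-box text is the one from the post; executescript() stands in for a database driver that permits stacked statements, and the table and column names are assumed from the post's query.

```python
import sqlite3

# Constructed sample input: the exact search-box text from the post.
INJECTED_INPUT = "findme';drop table items;"


def make_db():
    """Fresh in-memory database with a small constructed items table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table items (id integer primary key, search_term text)")
    conn.executemany("insert into items (search_term) values (?)",
                     [("findme",), ("other",)])
    conn.commit()
    return conn


def table_exists(conn, name="items"):
    """Check the schema catalogue, so a dropped table is detected."""
    row = conn.execute(
        "select count(*) from sqlite_master where type='table' and name=?", (name,)
    ).fetchone()
    return row[0] == 1


def search_vulnerable(conn, user_input):
    """Builds the query by string concatenation, as in the post.

    executescript() runs every statement in the string, like a driver that
    permits stacked queries.  The closing "';" left over from the template is
    a syntax error, but the SELECT and the DROP have already run by then.
    Returns the SQL text that was actually sent, for inspection.
    """
    sql = "select * from items where search_term='" + user_input + "';"
    try:
        conn.executescript(sql)
    except sqlite3.Error:
        pass  # the trailing fragment fails to parse; the drop has already happened
    return sql


def search_safe(conn, user_input):
    """Parameterised query: the input travels as a bound value, never as SQL
    text, so quotes and semicolons in it are just characters to compare."""
    cur = conn.execute(
        "select id, search_term from items where search_term=?", (user_input,)
    )
    return cur.fetchall()
```

With the parameterised version the injected string simply matches no row and the table survives; with the concatenated version the same string drops it.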