Definition: http://en.wikipedia.org/wiki/SQL_injection
Protection: Filtering & Escaping
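// Read the submitted name from the request; it is untrusted input.
// The original listing used typographic quotes (‘ ’ “ ”), which PHP does not
// parse as string delimiters; plain ASCII quotes are required.
$name = $_POST['name'] ?? '';

// Filter: accept only a non-empty string consisting entirely of letters and
// stop the request otherwise. is_string() also rejects array input
// (name[]=...) before it reaches ctype_alpha().
if (!is_string($name) || !ctype_alpha($name)) {
    exit;
}

// Escape: second layer, applied even though the filter already restricts the
// value to letters, so the query stays safe if the filter is later relaxed.
// Caveats:
//  - ext/mysql (mysql_*) was deprecated in PHP 5.5 and removed in PHP 7.0. On
//    current PHP use mysqli or PDO with a prepared statement and a bound
//    parameter, which keeps the value out of the SQL text altogether.
//  - Escaping only protects a value placed inside a quoted string literal, as
//    in the query below; it does nothing for unquoted numbers or identifiers.
//  - The result depends on the connection character set, which must be set
//    through the driver (mysql_set_charset()) rather than a SET NAMES query.
$name = mysql_real_escape_string($name);

$query = "SELECT * FROM users WHERE name = '{$name}'";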