@Shanu_chaudhary Jun 10.2010 — Make sure you are cleaning the external data before using it in a query or you will be open to SQL injection attacks.[/QUOTE]
@Mindzai Jun 11.2010 — In this case, yes. It's not a universal solution though; you need to implement filtering based on the specific data types you expect. At the very least, though, mysql_real_escape_string (or equivalent) should be used if you don't use something more specific like the above. Even better would be to use prepared statements, though you would still probably want some validation anyway.
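
The combination described in the reply above (validation for the expected data type, then a prepared statement), as an added example that is not part of the original thread. The `users` table and the functions `validUserId` and `findUserName` are hypothetical, and an in-memory SQLite database through PDO stands in for MySQL so the script runs offline.

```php
<?php
// Added example (not from the thread). Table, column and function names are hypothetical.
// An in-memory SQLite database via PDO stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Validation for the data type we expect: a positive integer id.
// Returns null for anything else so the caller can reject the request.
function validUserId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Prepared statement: the value is bound as a parameter and is never
// concatenated into the SQL text.
function findUserName(PDO $pdo, $raw): ?string
{
    $id = validUserId($raw);
    if ($id === null) {
        return null; // rejected before reaching the database
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed sample inputs: one well-formed id and three malformed ones.
foreach (['2', '2 OR 1=1', '-5', 'abc'] as $input) {
    $name = findUserName($pdo, $input);
    printf("%-10s => %s\n", $input, $name ?? '(rejected or not found)');
}
```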