Prevent SQL Injection in PHP?
Recently I got an idea. If a user inputs an exact SQL query, then it can be SQL injection. To make it clear, I am giving an example:
$known_var = $_POST['user_input'];
mysql_query("INSERT INTO `table` (`column`) VALUES ('$known_var')");
But if the user wants to input something like this:
INSERT INTO `table` (`column`) VALUES('values'); DROP TABLE table;--')
It is obviously very insecure for an SQL-based database.
What can actually be done to prevent this query injection?
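
Added example, not part of the original post: the same kind of INSERT written as a parameterized query with PDO, so the input is bound as a value and never becomes part of the SQL text. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs on its own, and the table `notes`, the column `body` and the function `save_note` are hypothetical names.

```php
<?php
// Added example (not from the original post): parameterized INSERT with PDO.
// Assumptions: in-memory SQLite stands in for MySQL; the table `notes`,
// the column `body` and save_note() are hypothetical names.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server does the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

function save_note(PDO $pdo, string $body): int
{
    // The SQL text is fixed; the value travels separately as a bound parameter.
    $stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input, standing in for $_POST['user_input'].
$inputs = [
    'hello world',
    "values'); DROP TABLE notes;--",
    "O'Reilly",
];

foreach ($inputs as $input) {
    save_note($pdo, $input);
}

// Read the rows back and compare each one with the input that produced it.
$rows = $pdo->query('SELECT body FROM notes ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
foreach ($rows as $i => $body) {
    echo ($body === $inputs[$i] ? 'stored as data: ' : 'MISMATCH: '), $body, PHP_EOL;
}
echo 'rows in notes: ', count($rows), PHP_EOL;
```

With MySQL the same code works with a `mysql:` DSN; the `mysql_*` functions used in the question have no parameter binding.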