Injection attacks refer to a broad class of attack vectors. In an injection attack, an attacker supplies untrusted input to a program. This input gets processed by an interpreter as part of a command or query. In turn, this alters the execution of that program. Read more

We have the most advanced framework and cms which either have functions or internally handle filtering and escaping of incoming data.

But there are some cases when we are developing custom things or developing a project without any framework and cms. We strongly need to filter incoming data that are coming from open sources in GET & POST.

SQL injection attacks can simply prevent by using mysqli_real_escape_string provide by php.

$email = mysqli_real_escape_string($con,$_POST['email']);

Or you can prepare your own function that will prevent SQL and XSS injection attacks.

function filter($con,$data) {
	$data = trim(htmlentities(strip_tags($data)));

	if (get_magic_quotes_gpc())
		$data = stripslashes($data);

	$data = mysqli_real_escape_string($con,$data);

	return $data;

These simple steps will prevent you from getting hacked. I will keep updating this article with new findings, Thank you.