Preventing SQL Injection in Joomla

Joomla's JDatabase class provides the quote() method, which correctly quotes and escapes a string before it is placed into an SQL statement. Using it on every untrusted value that goes into a query prevents SQL injection attacks.

You can write your SQL-injection-safe statements like this:


$db  = JFactory::getDbo(); // quote() is an instance method, not static, so fetch the database driver first
$sql = 'INSERT INTO ' . $db->quoteName('table') . ' (' . $db->quoteName('field') . ') VALUES (' . $db->quote($param) . ')';
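The following is an added example, not code from the original post or from the Joomla project, that puts the unsafe string-building pattern next to the quote()-based one and then the same insert written with Joomla's query builder. It assumes a Joomla 3.x component context (JFactory, JDatabaseDriver and JDatabaseQuery available); the table name `#__guestbook`, the column `name` and the request parameter `name` are constructed placeholders.

```php
<?php
// Added example for a Joomla 3.x component; table and column names are placeholders.
defined('_JEXEC') or die;

$db    = JFactory::getDbo();                  // JDatabaseDriver instance (quote() is not static)
$input = JFactory::getApplication()->input;
$name  = $input->getString('name', '');       // request-controlled value: must never reach SQL raw

// Vulnerable: the value is interpolated directly. A single quote inside $name
// terminates the string literal and everything after it is parsed as SQL.
$vulnerable = "INSERT INTO #__guestbook (name) VALUES ('" . $name . "')";

// Safe: quote() escapes special characters and wraps the value in quotes,
// so the whole of $name stays inside one string literal; quoteName()
// backtick-quotes identifiers so table and column names cannot be confused with SQL.
$safe = 'INSERT INTO ' . $db->quoteName('#__guestbook')
      . ' (' . $db->quoteName('name') . ') VALUES (' . $db->quote($name) . ')';

// Same insert with the query builder. The builder assembles the statement for you,
// but values still have to be passed through quote() (and identifiers through quoteName()).
$query = $db->getQuery(true)
    ->insert($db->quoteName('#__guestbook'))
    ->columns($db->quoteName('name'))
    ->values($db->quote($name));

$db->setQuery($query);
$db->execute();
```

Numeric values are the one case where quote() is the wrong tool: cast them instead, for example `(int) $input->getInt('id')`, so that a non-numeric value cannot slip into a WHERE clause as text.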
