The first comment was great and provided a link to a good article with a SQL injection cheat sheet. With the first tip being very good, I thought I was in for a good read.
That is where everything changed. There are some very bad style issues concerning this article. Sure, it's great if you want to cut down on the amount of code you use and make it run a little faster. But realistically you should always use brackets and proper spacing and indentation, as well as comments.
What I got out of this article for good tips:
- Use an SQL Injection Cheat Sheet
- Know the Difference Between Comparison Operators
- Use str_replace instead of ereg_replace and preg_replace
- Use isset instead of strlen (who uses strlen?)
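The comparison-operator and isset points above are the two tips with a real security angle, so here is an added example illustrating them. It is not code from the article or from the commenter; the function names (`looseTokenMatch`, `strictTokenMatch`, `fieldPresent`) and the sample strings are constructed for this illustration.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical names, constructed inputs): why "Know the
// Difference Between Comparison Operators" matters in PHP.
//
// Loose comparison (==) converts numeric-looking strings to numbers before
// comparing, so two different strings of the form "0e<digits>" are both
// evaluated as 0.0 and compare equal. Strict comparison (===) compares the
// bytes. hash_equals() is strict AND constant-time, which is what you want
// for tokens, MACs and hash strings.

function looseTokenMatch(string $expected, string $supplied): bool
{
    return $expected == $supplied;   // loose: subject to type juggling
}

function strictTokenMatch(string $expected, string $supplied): bool
{
    return hash_equals($expected, $supplied);   // strict and constant-time
}

// isset() vs strlen() for checking a request field: isset() is false for a
// missing key and for null without emitting a warning; strlen() on a missing
// key first triggers an "undefined array key" warning and then counts 0.
function fieldPresent(array $request, string $key): bool
{
    return isset($request[$key]) && $request[$key] !== '';
}

// Constructed inputs: two distinct hex strings that PHP treats as the number 0.
$expected = '0e462097431906509019562988736854';
$supplied = '0e830400451993494058024219903391';

var_dump(looseTokenMatch($expected, $supplied));   // bool(true)  -> bypass
var_dump(strictTokenMatch($expected, $supplied));  // bool(false) -> rejected

$request = ['user' => 'alice', 'token' => ''];
var_dump(fieldPresent($request, 'user'));      // bool(true)
var_dump(fieldPresent($request, 'token'));     // bool(false)  empty string
var_dump(fieldPresent($request, 'missing'));   // bool(false)  no warning
```

Run it with `php example.php`. The loose check returns true because both operands are numeric strings equal to zero; the strict check returns false. The same juggling applies to `==` against `md5()`/`sha1()` output and to `strcmp()` results that are compared with `==` instead of `=== 0`.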