Monday, November 28, 2011

Protect against SQL Injection

There are several ways. One of them is blocking the SQL commands:
function mysqlesc($input) {
    // Remove single and double quotes
    $input = str_ireplace('\'', '', $input);
    $input = str_ireplace('"', '', $input);
    // Remove the UNION keyword (case-insensitive match)
    $input = str_ireplace('UNION', '', $input);
    // Remove SQL comment markers
    $input = str_ireplace('--', '', $input);
    $input = str_ireplace('/**/', '', $input);
    $input = str_ireplace('/*', '', $input);
    return $input;
}

Another method of protection is:

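function mysqlesc($input) {
    // Escapes special characters for use inside a quoted SQL string.
    // Requires an open MySQL connection (ext/mysql, removed in PHP 7.0).
    $input = mysql_real_escape_string($input);
    return $input;
}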
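
A third option, shown here as an added example that is not part of the original post: bound parameters through PDO, placed next to the first filter above to show how blacklisting alters legitimate input. The `members` table, the sample values, the `blacklist_filter` name and the in-memory SQLite database (standing in for MySQL, needs the pdo_sqlite extension) are assumptions for illustration.

```php
<?php
// Added example, not from the original post. Table, columns and sample
// values are constructed; in-memory SQLite stands in for MySQL (assumption).

// The post's first filter under a hypothetical name, for comparison.
function blacklist_filter($input) {
    return str_ireplace(array('\'', '"', 'UNION', '--', '/**/', '/*'), '', $input);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, employer TEXT)');

// Constructed, legitimate input that happens to contain a quote,
// the word "Union" and a double hyphen.
$name     = "Miles O'Brien";
$employer = 'Teachers Credit Union -- Dublin';

// 1) Filtering changes the data before it is ever stored: the quote,
//    "Union" and "--" are silently dropped from valid values.
echo 'filtered name:     ', blacklist_filter($name), "\n";
echo 'filtered employer: ', blacklist_filter($employer), "\n";

// 2) A prepared statement sends the SQL text and the values separately,
//    so the values are never parsed as SQL and need no filtering.
$insert = $pdo->prepare(
    'INSERT INTO members (name, employer) VALUES (:name, :employer)'
);
$insert->execute(array(':name' => $name, ':employer' => $employer));

// Numeric parameters are bound with an explicit type rather than being
// concatenated; escaping alone only protects values placed inside quotes.
$select = $pdo->prepare('SELECT name, employer FROM members WHERE id = :id');
$select->bindValue(':id', (int) $pdo->lastInsertId(), PDO::PARAM_INT);
$select->execute();
$row = $select->fetch(PDO::FETCH_ASSOC);

// The stored values are byte-for-byte what the user entered.
echo 'stored name:       ', $row['name'], "\n";
echo 'stored employer:   ', $row['employer'], "\n";
var_dump($row['name'] === $name && $row['employer'] === $employer);
```

With the MySQL PDO driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server prepare the statement instead of PDO emulating it on the client.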
