What is the best function to make user input safe for the database?

what is the best function to use in a php code, that makes the user input safe for the databse ? I know about removing spaces before and after the string. striping the slashes from the string.

and what else ?

and can we use this function in a login script ? and is there any other security issues we have to开发者_StackOverflow社区 worry about ?

and thank you very much :D

PDO::prepare()

As for other possible vulnerabilities, there are lots; I suggest having a look at 19 Deadly Sins of Software Security and something like a PHP Security Checklist.

Prepared statements with MySQLi functions. http://us2.php.net/manual/en/mysqli.prepare.php

It depends on your database engine.

• For MySQL, use mysql_real_escape_string
• For SQLite, use sqlite_escape_string
• For PostgreSQL, use pg_escape_string
• For IBM DB2, use db2_escape_string
• And so on...