I am using this function to prevent SQL injections:
    function filter($input)
    {
        if(strpos(str_replace("''","","$input"),"'") != false)
        {
            return str_replace("'", "''", $input);
        }
        return $input;
    }
Is it safe to use it? Can someone somehow bypass it? If it is possible to bypass it, please give me a hint on how to secure this function, or an example of how you see a bypass for it.
UPDATE: It is used on SQL Server.
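
An added example, not part of the original post: it runs the posted `filter()` unchanged over constructed inputs to show where the loose `!= false` comparison treats a quote at position 0 as "not found", then binds the same values through a prepared statement. The `quotes_are_escaped()` helper, the sample inputs and the `users` table are hypothetical, and an in-memory SQLite database (assumes the `pdo_sqlite` extension) stands in for SQL Server so the script runs offline.

```php
<?php
// The filter exactly as posted in the question (behaviour unchanged).
function filter($input)
{
    if (strpos(str_replace("''", "", "$input"), "'") != false) {
        return str_replace("'", "''", $input);
    }
    return $input;
}

// Hypothetical helper: true when every quote in $value belongs to a doubled
// pair, i.e. the value cannot close a '...' literal it is placed in.
function quotes_are_escaped(string $value): bool
{
    return strpos(str_replace("''", "", $value), "'") === false;
}

// Constructed sample inputs. strpos() returns int 0 for the last two, and
// `0 != false` is false in PHP, so filter() returns them untouched.
$samples = ["O'Brien", "plain", "'leading quote", "'''"];

foreach ($samples as $s) {
    $out = filter($s);
    printf("%-16s -> %-18s %s\n", $s, $out,
        quotes_are_escaped($out) ? 'escaped' : 'NOT escaped');
}

// Mitigation: bind the value instead of escaping it. SQLite is used only so
// the example runs offline (assumption); the same prepare()/execute() calls
// apply when PDO is connected to SQL Server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT)');

$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
$select = $pdo->prepare('SELECT COUNT(*) FROM users WHERE name = :name');

foreach ($samples as $s) {
    // The driver sends the value as data; quotes in it never reach the parser
    // as SQL syntax, so no escaping function is needed at all.
    $insert->execute([':name' => $s]);
    $select->execute([':name' => $s]);
    printf("bound %-16s rows matched: %d\n", $s, $select->fetchColumn());
}
```

Even with a strict `!== false` comparison, quote doubling only protects values placed inside quoted string literals, which is why the bound-parameter form is the one to keep.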