Possible Duplicate:
Best way to prevent SQL Injection in PHP
I escape quotation marks via addslashes($str)
.
When i save the input from text fields to a MySQL database, is that a sufficient protection against MySQL injections or do I need to filter the input further because you can bypass this escape method? Or is there any better way to do this?