Possible Duplicates:
What is SQL injection?
In PHP when submitting strings to the DB should I take care of illegal characters using htmlspecialchars() or use regex?
I really need someone to clearly explain how to handle hackers and if it's really as complicated as it sounds.