i am aware of sql injection but I'm lock of knowledge on how to prevent this by increasing the security of the php code. i don't know where and when exactly to use the regular expression, trim, strpos, strsub, urlencode, urldecode functions, etc. because i am a beginner programmer. do i need to use the stripslashes to all input? For example i have a login form with user id and password, i want to know what and how to filter the input before i insert or select into sql? and for the registration form input filtering, is it the same as the login form filtering? please explain to me on how to prevent the sql injection. thank you in advance.