Securing PHP/MySQL Forms

[mitcho]

Hi guys. I use PHP/MySQL quite regularly to build basic CMS's, but I am by no means an expert .

 

I am now building a website + cms, again with PHP/MySQL, however this times its a little different. The website will have a form that customers use to make bookings.

 

they will enter their names/contact details into this form, as well as their credit card details. however, this transaction is not processed, it is instead saved to their database temporarily. The website owner then needs to login to the cms, process their data manually, then delete the credit details.

 

I already have set up SSL on the webserver (which is also a static ip server and apparently more secure) so that the php form is https://

but i am wanting to know whether i should be putting other measures in place? ie PHP/MySQL security. is there anything i can do to make ensure that the details will be submitted to mysql database securely and will remain safe in the database.

 

ive hear of things like mysql injections, and want to avoid these happening. Really appreciate feedback on this guys.

 

Thanks a bunch

[teng84]

i think your concern is if the user insert special character?

then maybe you could use regular expression to remove or to escape those character