By filtering I refer to the following:
Many fields in a form (e.g. phone) contain only certain characters, so that you can check whether the fields you receive are correct or not (a first check on the client and a security check on the server). Thus, on the server side I filter all fields, checking their validity.
The problem is that some fields cannot be checked because you have to allow all characters. These fields are a threat because anyone can insert SQL code. At this moment, the only solution I have come up with is checking these fields for occurrences of certain SQL words (such as insert, delete, select, drop and so on). I believe this is not very efficient, and that was the reason for my posting.
Thanks a lot.
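An added example, not part of the original post: the two server-side checks described above (an allow-list for a phone field, a keyword search for free text) next to an insert that binds the free-text value as a parameter, which is the assumed alternative here. The table, field names, phone pattern and sample inputs are constructed, and Python's `sqlite3` stands in for the poster's unnamed database.

```python
import re
import sqlite3

# Assumed allow-list for a phone field: digits, spaces, + - ( ), 6 to 20 chars.
PHONE_RE = re.compile(r"[0-9+() -]{6,20}")
# The keyword list from the post, matched as whole words, case-insensitive.
SQL_WORDS = re.compile(r"\b(insert|delete|select|drop)\b", re.IGNORECASE)


def valid_phone(value):
    """Allow-list check for a constrained field."""
    return PHONE_RE.fullmatch(value) is not None


def keyword_filter_rejects(text):
    """The keyword check described in the post."""
    return SQL_WORDS.search(text) is not None


def store_comment(conn, phone, comment):
    """Validate the constrained field, then bind both values as parameters.

    The free-text comment is never concatenated into the SQL string, so the
    driver treats it as data whatever characters it contains.
    """
    if not valid_phone(phone):
        raise ValueError("invalid phone")
    conn.execute("INSERT INTO comments (phone, body) VALUES (?, ?)", (phone, comment))


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (phone TEXT, body TEXT)")
    # Constructed sample inputs: ordinary prose and text shaped like SQL.
    legit = "Please select a time and drop the parcel at the desk."
    hostile = "x'); DROP TABLE comments; --"
    for body in (legit, hostile):
        store_comment(conn, "+34 600 123 456", body)
    rows = [r[0] for r in conn.execute("SELECT body FROM comments ORDER BY rowid")]
    # The keyword filter flags both inputs; binding stores both verbatim.
    return keyword_filter_rejects(legit), keyword_filter_rejects(hostile), rows


if __name__ == "__main__":
    print(demo())
```

The keyword filter rejects the ordinary sentence as well as the SQL-shaped one, while the bound insert stores both unchanged and the table is still there to be read back.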