So I'm designing a CMS for someone and I want to make sure it's secure. I've used stripslashes, etc. when having user input. I even have my $_GET commands stripslashed and everything, but what else can I do to stop SQL injection? Where can I learn more about how it works? So far, what I've gotten from most of the sites I've seen is that if you go to a login page and put in "USERNAME'#", it'll comment out the password part and let you log in regardless of the password if it is insecure. But I tried this on a few of my sites and (without any protection) couldn't get it, so I don't think I understand this properly.
Ah, I'll post some of my coding later tonight, but if you're going to fix it, you'll need to explain specifically what you did and why you did it and to prevent people from doing X (this way I'll know how to counter something someone is doing).
The safest way is to use placeholders; they're a lot more secure than trying to figure out every way of escaping input. If you must do it yourself, instead of blacklisting to get rid of bad things, use a whitelist to only allow what you specify.
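The placeholder and whitelist approach from the reply above, as an added example that is not part of the thread. It assumes PHP's PDO with the SQLite driver (an in-memory database, so it runs offline); the table, column names, sample users and function names are constructed for illustration.

```php
<?php
// Added example: schema, users and function names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With MySQL, also turn off emulation so the server performs the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT)]);

// Placeholder: the SQL text is fixed; user input is only ever bound as a value,
// so quotes and comment characters in it cannot change the statement.
function check_login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();          // false when no such user
    // The password is compared in PHP against a hash, not inside the WHERE clause.
    return $hash !== false && password_verify($password, $hash);
}

// Whitelist: placeholders cannot bind column names or ASC/DESC, so the request
// value is mapped onto a fixed set and anything else falls back to a default.
function list_users(PDO $pdo, string $sort, string $dir): array
{
    $columns   = ['id' => 'id', 'name' => 'username'];
    $orderBy   = $columns[$sort] ?? 'id';
    $direction = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';
    $stmt = $pdo->query("SELECT username FROM users ORDER BY $orderBy $direction");
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Valid credentials.
var_dump(check_login($pdo, 'admin', 'correct horse'));
// The input from the question is looked up as a literal username.
var_dump(check_login($pdo, "admin'#", 'anything'));
// A whitelisted sort key, then one that is not in the list.
print_r(list_users($pdo, 'name', 'desc'));
print_r(list_users($pdo, 'no_such_column', 'sideways'));
```

In a real handler the `$username`, `$sort` and `$dir` arguments would come from `$_POST` or `$_GET` unchanged; no `stripslashes` or manual escaping is applied before binding.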