Most probably your application store important data, which cannot be kept un secured SQL Injection is a common way of hacking, which changes the logic of the queries It allows hackers to enter your server bypassing security by escaping data Some PHP Escape functions that help to protect SQL Injection : mysql_real_escape_string() mysqli::escape_string() addslashes() Here is an example – $name = “Shyam”; $name = mysql_real_escape_string($name, $db); $name = addslashes($name);