how to avoid and avoid sql injections poisoning with mysql scripts by using these tilps you are avoiding and preventing sql injection on your php script and mysql databases.

the best way to prevent SQL injection is by escaping your string from your forms.
or example, lets say in your form you have a field called Interests
<input type="text" name="Interests">

so when the user submits the form, the string value is for example like this:

$Interests= "I like Games & Desktop's Wallpapers";

OK, as you can see, our string contains the ampersand character, so we need to escape it before when send our query, so our query could look like this:

$sql = "INSERT INTO mytable SET interest = '".mysql_real_scape_string($Interests)."'";

now you should not have anymore problems.

mysql_real_scape_string()