What is the best way for the sql injectioning.
I have problem with field named "name" that if we enter improper value
like salil's system get crashed. it gives error Mysql::Error: You have
an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 's' and
parent_id= 21) LIMIT 1 at line 1: SELECT * FROM `categories` WHERE
(name='salil's' and parent_id= 21) LIMIT 1
how to avoid that i wwant either of this two
1] user cannot create category with special characters like ' , < >
2] if user enter name with special characteres system shouldn't get
crashed for any situation.
Thanks & Regards,