The thing is that I have a complete working website with many calls to the MySQL server, and doing some research on this site I saw that making my queries in this form:
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
I can solve the security issue, but, as I said, I have many calls to the MySQL server, and the best way (in my case) to solve the problem is going directly to the vars I'm passing to the query, but without using a MySQL function because I'm out of the query. Let me explain it, I have this:
mysql_query("SELECT * FROM `post` WHERE id=" . $_GET['edit']);
I can't do modifications to this query because I have a lot of this in all my code; instead I prefer to check for injections on the var, $_GET['edit'].
How can I, using pure PHP, check for SQL injections on the variables of the queries? Like:
$_GET['edit']=freehack($_GET['edit']);
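
For the numeric `id` in the query above, quote escaping changes nothing because the value is not inside quotes; validating it as an integer before it reaches the query does. This is an added example, not part of the original post: the helper name `int_param()` and the sample inputs are assumptions, and it only prints the query string instead of contacting a database.

```php
<?php
// Added example. int_param() is a hypothetical helper name, not from the post.

/**
 * Return the request value as a positive integer, or null if it is anything else.
 */
function int_param(array $source, string $key): ?int
{
    // Missing keys and array-valued parameters (?edit[]=1) are rejected outright.
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    // FILTER_VALIDATE_INT accepts only a complete decimal integer;
    // min_range additionally rejects zero and negative ids.
    $value = filter_var(
        $source[$key],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $value === false ? null : $value;
}

// Constructed sample inputs standing in for $_GET['edit'].
$samples = ['42', '12 extra text', '1e3', '-5', '', ['1']];

foreach ($samples as $raw) {
    $id = int_param(['edit' => $raw], 'edit');
    if ($id === null) {
        // Reject the request; never fall through to the query.
        printf("%-18s -> rejected\n", json_encode($raw));
        continue;
    }
    // $id is a PHP int here, so concatenation can only add digits.
    $sql = 'SELECT * FROM `post` WHERE id=' . $id;
    printf("%-18s -> %s\n", json_encode($raw), $sql);
}

// Why escaping alone is not enough for this query: an escaping function
// only rewrites quote and backslash characters. addslashes() is used here
// as a stand-in so the example runs without a database connection.
$raw = '12 extra text';
$escaped = addslashes($raw);
printf(
    "escaped value %s the raw value, so the extra text would reach the query\n",
    $escaped === $raw ? 'equals' : 'differs from'
);
```

Because the helper returns `null` instead of a cleaned-up string, each call site has to decide what to do with a bad id (for example, respond with an error) rather than running the query with a guessed value.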