What's the best way to minimize potential risks like SQL injection attacks when site visitors add a link that goes directly into the database?

I can't just block all the characters, since too many websites have all sorts of characters in their links. Do I just delete some that never seem to be used, like quotes, etc.?
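
One way to store such links without deleting any characters, shown as an added example that is not part of the original post: the link is passed as a bound parameter so the database never parses it as SQL, and it is validated for what it is (an http/https URL) rather than filtered. Python's `sqlite3`, the `links` table, and the function names are assumptions chosen for illustration.

```python
import sqlite3
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web links are accepted

def open_db():
    """In-memory SQLite database with a hypothetical `links` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE links (id INTEGER PRIMARY KEY, url TEXT NOT NULL)")
    return conn

def validate_link(url, max_len=2048):
    """Check that the value is an http(s) URL; no characters are removed."""
    if len(url) > max_len:
        raise ValueError("link too long")
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError("not an http(s) link")
    return url

def save_link(conn, url):
    """Insert via a bound parameter: the value travels as data, not SQL text."""
    cur = conn.execute("INSERT INTO links (url) VALUES (?)", (validate_link(url),))
    conn.commit()
    return cur.lastrowid

def load_link(conn, link_id):
    """Read the link back, again with a bound parameter."""
    row = conn.execute("SELECT url FROM links WHERE id = ?", (link_id,)).fetchone()
    return row[0] if row else None

# Constructed sample input: a link containing quotes and SQL metacharacters.
SAMPLE = "https://example.com/search?q=o'reilly&x=\"a\";DROP TABLE links;--"

def demo():
    """Store SAMPLE and return (stored value, number of rows in the table)."""
    conn = open_db()
    link_id = save_link(conn, SAMPLE)
    stored = load_link(conn, link_id)
    count = conn.execute("SELECT COUNT(*) FROM links").fetchone()[0]
    return stored, count

if __name__ == "__main__":
    print(demo())
```

The link comes back byte-for-byte identical and the table is intact, so quotes and semicolons in a URL need no special handling at the storage layer.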