Many websites hacked by url and forms.. any idea

please i want to know how to avoid hacker from hacking my website using forms because i have many websites hacked this week.

i wrote only in the post:

$name= htmlspecialchars($value, ENT_QUOTES);

notice that i made validation using javascript to my form…
but hackers can make sql statment to delete my DB or any type of hacking…

also i have attached my htaccess to avoid mysql writing… please find the attached htaccess.txt

but the problem still exists i can write some queries from any form
how to stop hackers or avoid them from hacking my website??

any idea??

SQL Injections come from now sanitizing your data properly when using it in queries. You can do 2 things:

  1. Use prepared statements
  2. Use mysql_real_escape_string() on your variables.

Personally, I would look into using prepared statements and then you won’t have to worry about sql injections at all.

PDO Statements - best way forward.