I'm not exactly sure if this is the right place to put this, as it's about both PHP and SQL, but I think it fits best here. I have a "shoutbox" on my site and am worried about people hitting me with an SQL/JS/PHP injection. To counter JS and PHP injections, I'm adding "<i></i>" after every <. Probably not the best way to do it, but it works. To counter an SQL injection, I'm using the addslashes function, which is supposed to protect from this. Unfortunately, this causes a long delay between shouting and the shout showing up. Any suggestions? Is this just something I'll have to accept? (That's fine if it is.)
__________________
A tautology is something that behaves in a tautological fashion.
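
An added example, not part of the original post: the usual way to handle the two concerns raised above is a parameterized query for the database write and `htmlspecialchars()` when the shout is printed. The `shouts` table, its columns, the 500-byte limit and the helper names are assumptions, and in-memory SQLite stands in for the site's real database.

```php
<?php
declare(strict_types=1);

// Assumed schema. The same PDO calls work against MySQL with a different DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shouts (id INTEGER PRIMARY KEY, author TEXT NOT NULL, body TEXT NOT NULL)');

// Store the shout exactly as typed. Placeholders keep the text out of the
// SQL grammar, so no addslashes() or other input escaping is applied.
function save_shout(PDO $db, string $author, string $body): void
{
    $body = trim($body);
    if ($body === '' || strlen($body) > 500) {   // 500 bytes is an assumed limit
        throw new InvalidArgumentException('shout is empty or too long');
    }
    $stmt = $db->prepare('INSERT INTO shouts (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// Escape at output time, for the HTML context the text is written into.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_shouts(PDO $db, int $limit = 20): string
{
    $stmt = $db->prepare('SELECT author, body FROM shouts ORDER BY id DESC LIMIT :n');
    $stmt->bindValue(':n', $limit, PDO::PARAM_INT);
    $stmt->execute();
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Every stored value is escaped, including the author name.
        $html .= '<p><strong>' . h($row['author']) . ':</strong> ' . h($row['body']) . "</p>\n";
    }
    return $html;
}

// Constructed sample shout containing a quote and markup.
save_shout($db, "O'Brien", "it's <b>bold</b> & <script>alert(1)</script>");
echo render_shouts($db);
```

The stored row keeps the original characters; only the rendered HTML carries the entity-encoded form, so the same data can later be escaped differently for another output context.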