$name
should contains perhaps spaces and alphanumeric characters and alias name too. If not all the records from the client will be deleted from the injected query. PHP
and PERL
, these injection cleverly controls these departures characters. The PHP programming dialects gives the utilitarian string SQL_escape_string() to control the character inputs that are some kind of particular string characters to SQL.