Look, what I do is substitute it at the moment of saving the info to the DB, and that way I avoid problems.
I'll pass you the little bit of code I use; it's a bit of a trick, but it works very well for me and I have no problems.
PHP code:
<?php
// Avoid SQL injection
// Modify the variables passed by URL
foreach ($_GET as $variable => $valor) {
    $_GET[$variable] = str_replace("'", "", $_GET[$variable]);
    $_GET[$variable] = str_replace("\"", "", $_GET[$variable]);
}
// Modify the form variables
foreach ($_POST as $variable => $valor) {
    $_POST[$variable] = str_replace("'", "", $_POST[$variable]);
    $_POST[$variable] = str_replace("\"", "", $_POST[$variable]);
    $_POST[$variable] = str_replace("á", "á", $_POST[$variable]);
    $_POST[$variable] = str_replace("é", "é", $_POST[$variable]);
    $_POST[$variable] = str_replace("í", "í", $_POST[$variable]);
    $_POST[$variable] = str_replace("ó", "ó", $_POST[$variable]);
    $_POST[$variable] = str_replace("ú", "ú", $_POST[$variable]);
    $_POST[$variable] = str_replace("Á", "Á", $_POST[$variable]);
    $_POST[$variable] = str_replace("É", "É", $_POST[$variable]);
    $_POST[$variable] = str_replace("Í", "Í", $_POST[$variable]);
    $_POST[$variable] = str_replace("Ó", "Ó", $_POST[$variable]);
    $_POST[$variable] = str_replace("Ú", "Ú", $_POST[$variable]);
    $_POST[$variable] = str_replace("ñ", "ñ", $_POST[$variable]);
    $_POST[$variable] = str_replace("Ñ", "Ñ", $_POST[$variable]);
}
?>
Well, in fact I use the script to prevent SQL injection and it works very well for me.
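
For comparison, an added example (not part of the post above, and not the poster's code) that runs the same quote-stripping step next to a PDO prepared statement, to show where the two differ: an unquoted numeric context and a value that legitimately contains an apostrophe. It assumes the pdo_sqlite extension is available; the `users` table, the helper name `strip_quotes` and all inputs are constructed for the demonstration.

```php
<?php
// Constructed in-memory database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// The filter from the post, reduced to its two quote replacements
// (hypothetical helper name).
function strip_quotes(string $v): string
{
    return str_replace(["'", '"'], '', $v);
}

// Constructed input with no quote characters: the filter returns it unchanged.
$input = '1 OR 1=1';

// Case 1: filtered value concatenated into an unquoted numeric context.
// The text after the number is parsed as SQL, so the WHERE clause changes.
$id = strip_quotes($input);
$rows = $pdo->query("SELECT name FROM users WHERE id = $id")
            ->fetchAll(PDO::FETCH_COLUMN);
echo "filtered + concatenated: ", count($rows), " row(s)\n";

// Case 2: same input as a bound parameter. It is sent as one data value
// and compared to id as a whole, so it cannot alter the statement.
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$stmt->execute([':id' => $input]);
echo "bound parameter:         ", count($stmt->fetchAll()), " row(s)\n";

// Case 3: a legitimate value containing an apostrophe (constructed).
$name = "O'Brien";
echo "stored by the filter:    ", strip_quotes($name), "\n";

// With a bound parameter the value is stored and read back intact.
$ins = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
$ins->execute([':name' => $name]);
$sel = $pdo->prepare('SELECT name FROM users WHERE name = :name');
$sel->execute([':name' => $name]);
echo "stored by bound param:   ", $sel->fetchColumn(), "\n";
```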