Recently I have been developing a little question generation program in PHP. It uses some LaTeX-formatted math formulas.
I had a problem with inserting LaTeX formulas, because no backslashes were inserted into the MySQL database.
I've described this issue here:
Backslashes are auto-removed while inserting LaTeX formulas to MySQL with PHP
I found a solution by using mysql_real_escape_string(). But this raises another question.
If backslashes can now be inserted, is my program vulnerable to SQL injections or any other tricky input that users could make?
This function is generally designed specifically for sanitising user input and should always be used, as per the documentation: http://php.net/manual/en/function.mysql-real-escape-string.php
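
An alternative to escaping by hand, as an added example that is not part of the original question or answer: a prepared statement sends the formula as a bound parameter, so backslashes and quotes are stored unchanged and are never parsed as SQL. It assumes PDO with an in-memory SQLite database standing in for MySQL so that it runs offline; the `questions` table and the helpers `save_formula` and `load_formula` are hypothetical names.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL so this runs offline.
// For MySQL only the DSN changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE questions (id INTEGER PRIMARY KEY, formula TEXT NOT NULL)');

// Hypothetical helper: the value travels as a bound parameter, never as SQL text.
function save_formula(PDO $pdo, string $formula): int
{
    $stmt = $pdo->prepare('INSERT INTO questions (formula) VALUES (:formula)');
    $stmt->execute([':formula' => $formula]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: reads the stored formula back, or null if the id is unknown.
function load_formula(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT formula FROM questions WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

// Constructed sample inputs: LaTeX with backslashes, text with apostrophes,
// and a string that ends in a backslash.
$samples = [
    '\frac{a}{b} + \sqrt{x^2 + 1}',
    '\text{O\'Brien\'s rule: } x \le 1',
    "\\\\ line break and a trailing backslash \\",
];

foreach ($samples as $formula) {
    $id = save_formula($pdo, $formula);
    $stored = load_formula($pdo, $id);
    // Compare byte for byte: the stored value must equal what was submitted.
    printf("%d: %s [%s]\n", $id, $stored, $stored === $formula ? 'intact' : 'CHANGED');
}

// Every input was stored as data, one row per sample.
echo 'rows: ', $pdo->query('SELECT COUNT(*) FROM questions')->fetchColumn(), "\n";
```

The `mysql_*` extension that provides mysql_real_escape_string() was removed in PHP 7, so bound parameters through PDO or mysqli are also the form that keeps working on current PHP versions.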