
Performing a mysql_real_escape_string on checkboxes, radio buttons or drop-down menus?


Is there any way someone can do a SQL injection for checkboxes, radio buttons or drop-down menus (ex. country, year of birth)?

Also, hypothetically, if someone enters their cat's name into a text field, would it be enough to run the following line of code before I insert them into the MySQL table?

$catsName = preg_replace('/[^a-z]/i', '', $_POST['yourCat']);

Or would I have to do this in addition?

$catsName = mysql_real_escape_string($_POST['yourCat']);

Solution

  • The radio buttons, check boxes, etc. have a value option in the HTML code, which can be easily changed with Firebug (there are many other similar tools). So, it's better if you sanitize all the input that the user gives.

    And as for the second question, mysql_real_escape_string is enough. You don't need to do the preg_replace.
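
An added example, not part of the original question or answer: server-side allowlist checks for the drop-down and year-of-birth values, plus a PDO prepared statement for the free-text name, which is the usual replacement for mysql_real_escape_string now that the mysql_* extension was removed in PHP 7. The country and birthYear field names, the pets table and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example. Assumed names: country, birthYear, pets table; SQLite in
// memory stands in for MySQL so the script runs without a server.
const COUNTRIES = ['US', 'CA', 'DE'];   // the options the form actually offers

function validateChoice($value, array $allowed): string
{
    // Strict comparison: only an exact string match with an offered option passes.
    if (!in_array($value, $allowed, true)) {
        throw new InvalidArgumentException('value not among offered options');
    }
    return $value;
}

function validateYear($value): int
{
    $year = filter_var($value, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1900, 'max_range' => (int) date('Y')]]);
    if ($year === false) {
        throw new InvalidArgumentException('birth year out of range');
    }
    return $year;
}

function savePet(PDO $db, array $post): void
{
    $country = validateChoice($post['country'] ?? '', COUNTRIES);
    $year    = validateYear($post['birthYear'] ?? '');
    $name    = is_string($post['yourCat'] ?? null) ? $post['yourCat'] : '';
    // Free text is bound as a parameter, so quotes need no escaping or stripping.
    $stmt = $db->prepare('INSERT INTO pets (cat_name, country, birth_year) VALUES (?, ?, ?)');
    $stmt->execute([$name, $country, $year]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pets (cat_name TEXT, country TEXT, birth_year INTEGER)');
// Constructed sample submissions: one normal, one with an edited drop-down value.
$samples = [
    ['yourCat' => "O'Malley", 'country' => 'CA',       'birthYear' => '1990'],
    ['yourCat' => 'Tom',      'country' => 'Atlantis', 'birthYear' => '1990'],
];
foreach ($samples as $post) {
    try {
        savePet($db, $post);
        echo "stored: {$post['yourCat']}\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$e->getMessage()}\n";
    }
}
```

The first submission is stored with its apostrophe intact; the second is rejected because its country value is not one the form offers.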