How to prevent SQL injection in PHP?
The best way to prevent SQL injection in PHP is to use PDO's, prepared statements, and parameterized queries.
You can filter parameters yourself but there is a way for the database server to parse the data separately and by doing SQL prevention this way it's impossible for an attacker to inject malicious SQL.