How can I escape the data submitted by my form to prevent SQL injection? I read that using request.post_vars does not escape the data. I am using a form built in HTML and submitting the data, passing request.post_vars as variables to my SQL query.
Any ideas? Cheers
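
The setup described in the question, as an added example that is not part of the original post: the same lookup written once by building the SQL string from the submitted value and once with a bound parameter. It assumes `post_vars` can be modelled as a plain dict and uses Python's built-in `sqlite3` in place of the application's database; the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("o'brien", "obrien@example.com")],
    )
    return db

def find_user_concatenated(db, post_vars):
    """Weak form: the submitted value becomes part of the SQL text itself."""
    sql = "SELECT name, email FROM users WHERE name = '%s'" % post_vars["name"]
    return db.execute(sql).fetchall()

def find_user_parameterized(db, post_vars):
    """Corrected form: the value is bound as data and is never parsed as SQL."""
    name = post_vars.get("name")
    # Validate type and length before the value reaches the database layer.
    if not isinstance(name, str) or not 1 <= len(name) <= 64:
        raise ValueError("name must be a string of 1 to 64 characters")
    sql = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def compare(post_vars):
    """Run both forms against a fresh database and return their row counts."""
    try:
        weak = len(find_user_concatenated(make_db(), post_vars))
    except sqlite3.Error:
        weak = None  # the submitted value broke the statement's syntax
    return weak, len(find_user_parameterized(make_db(), post_vars))

if __name__ == "__main__":
    # Constructed form submissions standing in for request.post_vars.
    for submitted in ({"name": "alice"},
                      {"name": "o'brien"},
                      {"name": "x' OR '1'='1"}):
        print(submitted["name"], compare(submitted))
```

With a bound parameter no manual escaping is needed: a legitimate value containing a quote is matched literally, and a value shaped like SQL matches nothing.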

