I would assume that wrapping user input in 'single quotes' or "double quotes" would make input be interpreted literally. I believe that ' single quotes ' do not allow escape characters and would be the better choice. Basically I have read some sources that state this even is not enough. Could anyone explain why? And possibly what I could do to prevent this/resources that explain it well/clearly?
Hypothetically, would wrapping ' user input ' in double quotes and checking for any single quotes inside the user input like ' user';ls;'input' to be escaped/removed be enough to prevent this?
I have been confused by the articles I have read and am looking for some more simply explained information.
Thanks in advance