Well, since a friend of mine showed me a page he has "hacked" with SQL injection, I realize how far people can get with it...

Now I want to know how to prevent SQL injection on my site. For example, on a login/register form, what do I need, and are stripslashes() and/or strip_tags() required?
And maybe htmlspecialchars() in forms like guestbooks or forums, comments and so on?

I really want to make my sites secure. How can I prevent most SQL injections?
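
An added example, not part of the original post: the login/register form and guestbook asked about above, with every query going through a PDO prepared statement and htmlspecialchars() applied only when stored text is written into HTML. The in-memory SQLite database, the table names and the function names are assumptions made up for this illustration.

```php
<?php
// Constructed schema and sample data; in-memory SQLite so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');
$pdo->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

function register(PDO $pdo, string $name, string $password): void {
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $pdo, string $name, string $password): bool {
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();          // false when no such user exists
    return $hash !== false && password_verify($password, $hash);
}

function addEntry(PDO $pdo, string $author, string $body): void {
    // Store the text as submitted; HTML escaping belongs to the output step.
    $stmt = $pdo->prepare('INSERT INTO guestbook (author, body) VALUES (?, ?)');
    $stmt->execute([$author, $body]);
}

function renderEntries(PDO $pdo): string {
    $html = '';
    foreach ($pdo->query('SELECT author, body FROM guestbook ORDER BY id') as $row) {
        // Escape at output so stored markup is displayed as text, not executed.
        $html .= '<p><b>' . htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8') . '</b>: '
               . htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html;
}

register($pdo, 'alice', 'correct horse');
var_dump(login($pdo, 'alice', 'correct horse'));   // valid credentials
var_dump(login($pdo, "alice' --", 'anything'));    // the quote is bound as data, not parsed as SQL
var_dump(login($pdo, 'alice', "' OR '1'='1"));     // same for the password field

addEntry($pdo, 'bob', '<script>alert(1)</script> nice site');
echo renderEntries($pdo);
```

stripslashes() and strip_tags() play no part here: the bound parameters are what stop SQL injection, while htmlspecialchars() deals with markup in the rendered page, which is a separate problem from the query.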