mysql_real_escape_string()
mysql_true_escape_string()
addslashes()
using PDO and prepared statements
htmlspecialchars()
strip_tags()