I've not quite into sql injection yet. Only some simple ones like form injection and injection by link.

regarding form injection: What if quotes are sanitized with backslashes? I always hav that problem. Im stuck.