So, I had this idea as a way of preventing SQL injection on my websites for people who have to fill out text boxes similar to what I am doing now, and was wondering if I could get some possible feedback on the subject. I would take ANY and ALL data from the user, no matter what they want to type, and have a phphash file that would hash the entire text box into a massive string of numbers. Those numbers would then be stored either in the database, or in a specific file type, and when the data is retrieved, the numbers would then be converted back into text.
On the positive side, this would allow me to store string literals, and I mean LITERAL, which would be displayed wherever I want it to be displayed, and would run at a Big O of n.
On the down side, this may take up a lot of server-side processing speed dependent on how much information is being relayed back to the user, how many users are currently using the database, and how large of strings we're talking.
Essentially, this can be a fool-proof way (if implemented on every field) for storing string literals without the chance of an SQL injection attack. Meaning, someone could successfully write this post and append ;DROP TABLE Users;-- without repercussion.
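The scheme described in the post above, as an added example that is not part of the original post, run next to a bound-parameter insert of the same text so the stored results can be compared. It assumes the "hash" is a reversible encoding (here three decimal digits per UTF-8 byte, an illustrative choice), an in-memory SQLite database, and a hypothetical `Posts` table; the sample text is constructed.

```python
import sqlite3

# Constructed sample input: ordinary text ending with the string from the post.
SAMPLE = "great post;DROP TABLE Users;--"

def encode(text: str) -> str:
    """Reversible text -> digits: three decimal digits per UTF-8 byte (assumed encoding)."""
    return "".join(f"{b:03d}" for b in text.encode("utf-8"))

def decode(digits: str) -> str:
    """Inverse of encode(): read the digits back three at a time."""
    return bytes(int(digits[i:i + 3]) for i in range(0, len(digits), 3)).decode("utf-8")

def new_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (name TEXT)")
    db.execute("CREATE TABLE Posts (body TEXT)")  # hypothetical table for the text box
    return db

def store_encoded(db: sqlite3.Connection, text: str) -> None:
    # The post's scheme: only the characters 0-9 reach the SQL string,
    # so concatenation cannot alter the statement.
    db.execute("INSERT INTO Posts (body) VALUES ('" + encode(text) + "')")

def store_bound(db: sqlite3.Connection, text: str) -> None:
    # Bound parameter: the text travels as data, separate from the SQL,
    # and is stored byte-for-byte as typed.
    db.execute("INSERT INTO Posts (body) VALUES (?)", (text,))

def tables(db: sqlite3.Connection) -> set:
    rows = db.execute("SELECT name FROM sqlite_master WHERE type='table'")
    return {r[0] for r in rows}

def search(db: sqlite3.Connection, needle: str) -> list:
    """Substring search done by the database over the stored column."""
    rows = db.execute("SELECT body FROM Posts WHERE body LIKE ?", (f"%{needle}%",))
    return [r[0] for r in rows]

if __name__ == "__main__":
    enc_db, bound_db = new_db(), new_db()
    store_encoded(enc_db, SAMPLE)
    store_bound(bound_db, SAMPLE)
    stored = enc_db.execute("SELECT body FROM Posts").fetchone()[0]
    print("encoded row decodes to original:", decode(stored) == SAMPLE)
    print("Users table intact (encoded / bound):",
          "Users" in tables(enc_db), "Users" in tables(bound_db))
    print("stored size (encoded / bound):", len(stored), len(SAMPLE))
    print("LIKE '%DROP%' (encoded / bound):",
          search(enc_db, "DROP"), search(bound_db, "DROP"))
```

Both inserts keep the text literal and leave `Users` in place; the encoded column is three times the size and cannot be searched or sorted by the database without decoding every row first.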