Since I opened an online project I have been having problems with trespassing, where someone is doing direct inserts in the database. That is what gave me the initiative to apply the following functions to all the variables received through the $_GET and $_POST methods:
$variavel = trim(strip_tags(mysqli_real_escape_string($conn, $_POST['recebe'])));
I used two scanner programs to analyze the site ('Acunetix' and 'Scrawlr'), which at first returned vulnerable variables, but now I have done the same procedure again and there is no more sign of trouble.
However, the attacker is still able to invade the server, even though I am sure that I have checked all the lines of code in the project.
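An added example, not part of the original post: an escaping chain like the one above only neutralizes quote characters, so it protects a value only when that value sits inside a quoted SQL string literal, whereas a bound parameter never becomes part of the SQL text. The `items` table, the helper names and the request value are constructed for illustration, and in-memory SQLite through PDO stands in for the poster's MySQL connection so the script runs offline (with mysqli the same approach uses `mysqli::prepare` and `bind_param`).

```php
<?php
// Added example. Table `items`, its rows and all function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO items (name) VALUES ('alpha'), ('beta'), ('gamma')");

// Stand-in for the post's chain: SQLite escapes a quote by doubling it,
// where mysqli_real_escape_string() would prefix it with a backslash.
function escape_like_post(string $raw): string
{
    return trim(strip_tags(str_replace("'", "''", $raw)));
}

// Pattern 1: the escaped value is concatenated into an unquoted numeric position.
function find_concat(PDO $pdo, string $raw): array
{
    $sql = "SELECT name FROM items WHERE id = " . escape_like_post($raw);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Pattern 2: validate the expected type, then bind the value as a parameter.
function find_bound(PDO $pdo, string $raw): array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return []; // reject anything that is not a plain integer
    }
    $stmt = $pdo->prepare("SELECT name FROM items WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request values: a normal id, and one with no quote to escape.
foreach (["2", "1 OR 1=1"] as $input) {
    echo "input: {$input}\n";
    echo "  concatenated: " . json_encode(find_concat($pdo, $input)) . "\n";
    echo "  bound:        " . json_encode(find_bound($pdo, $input)) . "\n";
}
```

For the second constructed value the concatenated query returns every row, because the input contains nothing the escaping step changes, while the bound version returns no rows.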