To prevent form hijacking: (1) Escape data that is passed into an SQL query using the mysql_real_escape_string() function. (2) Filter input data before it is passed into an SQL query, using proper validation methods and the htmlentities() function.
A few more coding practices can help avoid PHP form hijacking. User Input Sanitization: Never trust data submitted by web users. Follow good client-side data validation practices with regular expressions...
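An added example, not code from the original page: a PHP form handler that applies the steps above to a constructed submission. The field names, table and in-memory SQLite database are assumptions; it uses a PDO prepared statement in place of mysql_real_escape_string(), which was removed in PHP 7.0, and validates on the server because client-side checks can be bypassed.

```php
<?php
// Constructed submission standing in for $_POST (hypothetical field names).
$post = [
    'username' => "alice_01",
    'email'    => "alice@example.com",
    'comment'  => "Nice post <script>alert(1)</script> O'Reilly",
];

/** Server-side validation: returns the list of rejected fields (empty = accepted). */
function validate_form(array $in): array
{
    // Every field must be present and a plain string (not an array from name[]=...).
    foreach (['username', 'email', 'comment'] as $f) {
        if (!isset($in[$f]) || !is_string($in[$f])) {
            return [$f];
        }
    }
    $errors = [];
    // Whitelist pattern: 3-20 letters, digits or underscores, anchored at both ends.
    if (!preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $in['username'])) {
        $errors[] = 'username';
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    $len = strlen($in['comment']);
    if ($len < 1 || $len > 500) {
        $errors[] = 'comment';
    }
    return $errors;
}

$errors = validate_form($post);
if ($errors) {
    exit('Rejected fields: ' . implode(', ', $errors) . PHP_EOL);
}

// In-memory SQLite keeps the example offline; a MySQL DSN is used the same way.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (username TEXT, email TEXT, comment TEXT)');

// Placeholders keep data out of the SQL text, so the quote in O'Reilly is harmless.
$stmt = $db->prepare('INSERT INTO comments (username, email, comment) VALUES (?, ?, ?)');
$stmt->execute([$post['username'], $post['email'], $post['comment']]);

// Encode on output: the stored markup is displayed as text instead of being interpreted.
foreach ($db->query('SELECT username, comment FROM comments') as $row) {
    echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlentities($row['comment'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```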