About SQL injection
I have a question. The site handles a message board by sending the data through Ajax to a PHP controller:
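$.ajax({
    // Each value is URL-encoded so characters such as & or = cannot break the query string.
    url: 'http://www.************?content=' + encodeURIComponent(thiscontent) + '&username=' + encodeURIComponent(thisusername) + '&phone=' + encodeURIComponent(thisPhone) + '&callback=?',
    type: 'GET',
    dataType: 'jsonp',
    success: function (d) {
        if (d.code == 200) {
            // message accepted by the server
        }
    }
});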
The PHP side picks up the data with GET and then inserts it directly into the MySQL database. The problem is that someone clever can type http://www.************?content=' + thiscontent + '&username=' + thisusername + '&phone=' + thisPhone + '&callback=? directly into the browser address bar, and that also inserts data into the database.
If someone uses software to send data through the browser without interruption, then your MySQL is done for. It will surely break down. Do the experts have any good solution? Asking for answers!
------Solution--------------------
Then add a limit: cap the number of messages per day by username or by IP.
------Solution--------------------
Quote:
Quote:
Then add a limit: cap the number of messages per day by username or by IP.
First of all, thank you for your answer!
I thought of restricting by username and have done so, but couldn't an expert submit random usernames to MySQL? That is difficult to detect. Restricting by IP is a good idea, but it does not feel very universal. Is there a better way to solve it?
Is your site anonymous? Is there no login restriction?
Add a verification code limit.
------Solution--------------------
Before accepting a message, check the username to see whether the user is real; if it was filled in at random, return and do not let the operation continue.
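An added example, not code from this thread: one way the PHP controller could combine the daily cap by IP or username suggested above with input checks and a parameterized INSERT, so that a repeated GET is refused and a quote in a field is stored as data. The table and column names, the limit of 5, the phone pattern and the in-memory SQLite database (standing in for MySQL, requires pdo_sqlite) are assumptions; in the real controller `$ip` would come from `$_SERVER['REMOTE_ADDR']` and `$get` from `$_GET`.

```php
<?php
// Added example: daily cap per IP or username plus a parameterized INSERT.
// Schema, limits and patterns are assumptions; with MySQL only the DSN changes.
const DAILY_LIMIT = 5; // assumed cap per IP or username per 24 hours

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE messages (
        id INTEGER PRIMARY KEY, ip TEXT, username TEXT, phone TEXT,
        content TEXT, created_at INTEGER)');
    return $db;
}

function accept_message(PDO $db, string $ip, array $get, int $now): array {
    $username = trim((string)($get['username'] ?? ''));
    $phone    = trim((string)($get['phone'] ?? ''));
    $content  = trim((string)($get['content'] ?? ''));

    // Reject malformed input before touching the database (lengths are in bytes).
    if ($username === '' || strlen($username) > 32)   return [400, 'bad username'];
    if (!preg_match('/^\+?[0-9]{6,15}$/', $phone))    return [400, 'bad phone'];
    if ($content === '' || strlen($content) > 500)    return [400, 'bad content'];

    // Count recent posts by this IP or this username; values are bound, never concatenated.
    $q = $db->prepare('SELECT COUNT(*) FROM messages
                       WHERE created_at > :since AND (ip = :ip OR username = :u)');
    $q->execute([':since' => $now - 86400, ':ip' => $ip, ':u' => $username]);
    if ((int)$q->fetchColumn() >= DAILY_LIMIT) return [429, 'daily limit reached'];

    $ins = $db->prepare('INSERT INTO messages (ip, username, phone, content, created_at)
                         VALUES (:ip, :u, :p, :c, :t)');
    $ins->execute([':ip' => $ip, ':u' => $username, ':p' => $phone, ':c' => $content, ':t' => $now]);
    return [200, 'ok'];
}

// Constructed requests: one client repeating the same GET, as in the question.
$db  = open_db();
$req = ['username' => "bob'); DROP TABLE messages;--", 'phone' => '13800000000', 'content' => 'hello'];
for ($i = 1; $i <= 7; $i++) {
    [$code, $why] = accept_message($db, '203.0.113.7', $req, 1700000000 + $i);
    echo "request $i -> $code $why\n";
}
echo 'rows stored: ', $db->query('SELECT COUNT(*) FROM messages')->fetchColumn(), "\n";
```

The cap only counts stored messages, so it bounds what reaches the table; the verification code suggested in the thread would sit in front of this check.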