SteveWh - 4:50 am on Dec 4, 2010 (gmt 0)
If you're unfamiliar with the term "SQL injection", read StoutFiles's post 5 times, then do a web search on "SQL injection".
If your versions of PHP and MySQL are high enough to support it, have a look at the object-oriented methods of PHP's "mysqli" extension and its "prepared statements" methods (instead of using the PHP "mysql" extension). Study and use their example code (such as at [us2.php.net...]) to create the methods you can use from now on for your PHP/MySQL coding. If you create safe and reliable procedures now and make them a habit, you'll save having to run through your site correcting poor coding after having your site get hacked.
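
The following is an added example, not part of SteveWh's post and not taken from the PHP manual: a lookup written with the object-oriented mysqli prepared-statement methods the post recommends, with the string-concatenation pattern it replaces shown in a comment. The `users` table, its columns, the function name and the connection settings are assumptions made for illustration.

```php
<?php
// Added example. Hypothetical schema: users(id, email, display_name).
// Connection settings below are placeholders.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function find_user_by_email(mysqli $db, string $email): ?array
{
    // Unsafe pattern this replaces (the input becomes part of the SQL text):
    //   $db->query("SELECT id, display_name FROM users WHERE email = '$email'");

    // The ? placeholder keeps the SQL text fixed. The value is sent
    // separately and is never parsed as SQL, whatever characters it holds.
    $stmt = $db->prepare(
        'SELECT id, display_name FROM users WHERE email = ? LIMIT 1'
    );
    $stmt->bind_param('s', $email);        // 's' = bind as a string
    $stmt->execute();
    $stmt->bind_result($id, $displayName); // works without the mysqlnd driver

    // fetch() returns true when a row was read, null when there is none.
    $row = $stmt->fetch()
        ? ['id' => $id, 'display_name' => $displayName]
        : null;
    $stmt->close();
    return $row;
}

// Placeholder credentials: substitute your own.
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4');

// Constructed input containing a single quote. In the concatenated query
// it would end the string literal early; here it is only data.
$user = find_user_by_email($db, "o'brien@example.com");
echo $user === null ? "no match\n" : "found user #{$user['id']}\n";

$db->close();
```

Placeholders can stand in only for values; table and column names cannot be bound, so any identifier that varies should be chosen from a fixed allow-list in code.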