Hi,
I just wanted someone to check if my form is safe for sql inyeccion,
though I am not to good on those things.
If anybody could check it I would be very apreciated.

$zona = mysql_real_escape_string($_POST['zona']);
$duermen = mysql_real_escape_string($_POST['duermen']);
$tipo = mysql_real_escape_string($_POST['tipo']);
$nodates = mysql_real_escape_string($_POST['nodates']);
$llegada = mysql_real_escape_string($_POST['llegada']);
$salida = mysql_real_escape_string($_POST['salida']);
$sinfecha = mysql_real_escape_string($_POST['sinfecha']);
$llegada = $month."-".$day;
$salida = $month2."-".$day2;
?>
<form method="post" action="../searcherpage.php">
<p>Area:<select name="zona">
<option value="any">Any</option>
<option value="M">whatever</option>
<option value="MC">whatever else</option>
</select></p>
<p>Sleeps: <select name="duermen">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select></p>
<p>Property: <select name="tipo">
<option value="anytype">any</option>
<option value="apartment">apartment</option>
<option value="villa">villa/townhouse</option>
</select></p>
<p>
<input name="sinfecha" type="checkbox" value="nodates">I donīt have any dates yet.
</p>
<p>Arrival:<br><?php include("day.php");?>&nbsp;&nbsp;<?php include("month.php");?>
</p>
<p>Departure:<br><?php include("day2.php");?><?php include("month2.php");?></p>
<p align="center"><input class="boton" type="Submit" name="enviar" value="Search"> </p>
</form>
The includes:
<select name="day" size="1" class="dia">
<option>01</option>
<option>02</option>
etc
<select name="day2" size="1" class="dia">
<option>01</option>
<option>02</option>
etc
<select name="month" size="1" class="mes">
<option value="2006-01">January 2006</option>
<option value="2006-02">February 2006</option>
etc
<select name="month2" size="1" class="mes">
<option value="2006-01">January 2006</option>
<option value="2006-02">February 2006</option>
etc