Well I haven't posted something PHP related for quite a few days now so I thought I'd show you something I use in every single script that I write that involves form submissions or URL data.
It is important to escape (sanitize) all data from forms that may be used in a mysql database query.
If you use some other database type, the function can easily be modified.
Place this code at the top of all your pages (maybe via an include):
It will automatically sanitize all your $_POST (from forms) and $_GET (URL data) to help prevent SQL injections.