so this topic gets hit a lot on the web, but i need a real quick easy, boiled down version of what i need to do with my code. I'm now doing some web development for a few different clients, and a few of them have asked for some database functionality, no problem, it's all set up and functional, using PHP and MySQL provided by the client's hosting company (not a good one, i dont like them, web.com) so here's the question, how do i protect from mysql injections. right now the only public access to the database is just the form to make an online reservation which links to a submit.php script that simply submits it. the client manages reservations with a web interface that is not linked to by anything, so you have to know the address, later i'll put a username and password on it in which case i know i'll have to protect against sql injections, but for now, is there any danger of sql injections. I'm assuming so. For some reason a few functions dont work on the hosting company's server (mysql_real_escape_string and free_result so far) and i think it's because its an older version of php or mysql. what can/should i do?