You already have some solid suggestions. Prepared statements are probably the first and most powerful thing you can really do to protect your site, followed by using filter_vars. I'd suggest you also protect your site against cross-site scripting attacks; all major PHP frameworks should have this functionality in place to help you.
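The three measures named in the answer above, put together in one request path, as an added example that is not part of the original post: input validated with PHP's `filter_var()`, stored and read through PDO prepared statements, and escaped with `htmlspecialchars()` on output. The `comments` table, the function names and the sample inputs are constructed for illustration, and an in-memory SQLite database (requires the `pdo_sqlite` extension) stands in for the site's real one.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the site's database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, email TEXT, body TEXT)');

/** Validate input with filter_var(), then store it via a prepared statement. */
function addComment(PDO $pdo, string $email, string $body): bool
{
    // 1. Validation: reject anything that is not a well-formed e-mail address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // 2. Prepared statement: values are bound, never concatenated into the SQL.
    $stmt = $pdo->prepare('INSERT INTO comments (email, body) VALUES (:email, :body)');
    return $stmt->execute([':email' => $email, ':body' => $body]);
}

/** Render stored comments, escaping on output so markup is shown as text. */
function renderComments(PDO $pdo, int $minId): string
{
    $stmt = $pdo->prepare('SELECT email, body FROM comments WHERE id >= :min ORDER BY id');
    $stmt->bindValue(':min', $minId, PDO::PARAM_INT);
    $stmt->execute();
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // 3. XSS defence: escape for the HTML context at the point of output.
        $html .= sprintf(
            "<li><b>%s</b>: %s</li>\n",
            htmlspecialchars($row['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
            htmlspecialchars($row['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        );
    }
    return $html;
}

// Constructed inputs: a plain comment, one containing SQL and HTML
// metacharacters, and one whose address fails validation.
addComment($pdo, 'alice@example.com', 'Nice post');
addComment($pdo, 'bob@example.com', "It's here'); -- <script>alert(1)</script>");
echo addComment($pdo, 'not-an-email', 'ignored') ? "stored\n" : "rejected\n";
echo renderComments($pdo, 1);
```

Validation and escaping do different jobs here: the second comment passes validation and is stored byte for byte, and it is the escaping at output time that keeps its markup from being interpreted by the browser.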