>Sadly, I'm not really a PHP developer so I can't recommend any of the alternatives.

And yet you're ranting about how PHP's MySQL functions must be insecure? What do you think the various wrappers ultimately use?

The good books on PHP/MySQL (including the ones I linked to) will go over possible insecurities and give you hints on how to avoid them. Granted, they won't cover every possible exploit. But when it comes down to it, you only need to secure your database in proportion to the value of the data stored inside it. If you're not storing personal data, SSNs, credit card numbers, etc, then I wouldn't worry about trying to seal up every possible chink in the armor -- life's just too short. Get the obvious stuff out of the way (which, despite what PHP hataz say, is not only possible, it's quite easy) and get back to working on the fun stuff in your script).