preventing SQL injection attacks


aZa
01-19-03, 07:46
Any info on the subject of preventing SQL injection attacks will be much appreciated - removing escape characters, etc. Which functions should I use and how? Any good articles, forum threads around the net about this?

TIA.

Paul
01-20-03, 02:05
I can't help with the code, but an extra layer you could use is mod_security at http://www.webkreator.com/mod_security/ It includes protection for many of the more common attacks, including simple SQL injection.

This is assuming you use Apache as your web server.

bcyde
01-20-03, 13:03
Here you go:
http://www.owasp.org/guide/
There is a pretty good PDF about web application security as a whole and they go into different types of attacks including SQL injection.

-b

aZa
01-20-03, 15:36
Regarding mod_security: I'm using standard UNIX web hosting and do not have the ability to install mods on my hoster's Apache webserver ...

And about the "OWASP Guide" - I've already downloaded it. Fantastic work! But it's quite big to read fast ;), I promise I'll surely do this, but later ... I need just a few tips/pieces of advice on what functions I should look into to keep my data coming from the HTML forms to the script with the SQL query as safe as possible for the database/site/etc ...

bcyde
01-20-03, 15:47
Quick answer - make sure to always validate your input. If you know the data type of the form vars, you can always make sure to cast them to the data type that you expect them to be. When taking direct text input, make sure to use addslashes. You can try filtering out other things as well, like --, ;, ', ", but it all comes down to the data you're expecting. But for a better answer just skip to SQL injection in the OWASP guide.

-b

aZa
01-31-03, 17:20
If 'magic_quotes_gpc' is turned 'ON', what else will I need in my program code to protect MySQL queries that use data from INPUT boxes?.. Seems to me those cute magic quotes serve that purpose 100%!.. Maybe I am not seeing something?

aZa
01-31-03, 17:23
Got one!
htmlentities() - that's the one so as not to spoil my output pages with tags like </HTML> or <H1> from the input boxes!

Anything else to do to the string I got from $_POST/$_GET?
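As an added example that is not code from this thread, here is how bcyde's type-by-type validation and aZa's magic_quotes_gpc question fit together in PHP: each form field is checked against the type the query expects, backslashes added by magic_quotes_gpc are removed so nothing is escaped twice, and a mysqli prepared statement is used in place of addslashes() for the free-text field. The `$db` connection and the `articles` table are assumptions.

```php
<?php
// Added example (not from the thread). Assumes a mysqli connection $db and a
// hypothetical table `articles` (id INT, category VARCHAR, title VARCHAR).
// Return the value as the user typed it. Hosts with magic_quotes_gpc on (PHP < 5.4)
// already added backslashes; strip them so nothing is stored or escaped twice.
function raw_input(array $src, $key) {
    if (!isset($src[$key]) || is_array($src[$key])) {
        return null;
    }
    $v = (string) $src[$key];
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $v = stripslashes($v);
    }
    return $v;
}

// Integer field: refuse anything that is not all digits instead of casting,
// so "5 OR 1=1" is rejected outright rather than silently truncated to 5.
function clean_id(array $src, $key) {
    $v = raw_input($src, $key);
    if ($v === null || !ctype_digit($v)) {
        throw new InvalidArgumentException("$key must be a positive integer");
    }
    return (int) $v;
}

// Fixed-choice field: accept only allow-listed values; nothing to escape.
function clean_enum(array $src, $key, array $allowed) {
    $v = raw_input($src, $key);
    if ($v === null || !in_array($v, $allowed, true)) {
        throw new InvalidArgumentException("$key is not an allowed value");
    }
    return $v;
}

// Free text: length check only. Quoting is handled by the prepared statement
// below, which takes the place of the addslashes() step from the thread.
function clean_text(array $src, $key, $max) {
    $v = raw_input($src, $key);
    if ($v === null || strlen($v) > $max) {
        throw new InvalidArgumentException("$key missing or longer than $max");
    }
    return $v;
}
$id       = clean_id($_POST, 'id');
$category = clean_enum($_POST, 'category', array('news', 'howto', 'misc'));
$title    = clean_text($_POST, 'title', 100);
$stmt = $db->prepare('UPDATE articles SET category = ?, title = ? WHERE id = ?');
$stmt->bind_param('ssi', $category, $title, $id);
$stmt->execute();
```

htmlentities() belongs at output time, when the stored value is echoed back into a page, not before the value goes into the query.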