Can you spell...
SQL Injection... This is so sad, it makes you want to cry... And this isn't from a "small company" with "limited resources" either.
please don't sql inject us, don't use words like drop, select, insert, update, delete and so on. Pretty please.
Eh, it'll probably work, that layer of security.