I am interning at a company and they have had me build a simple website which basically displays a list of their servers and they update entries, create new entries and so on. I am new to php and mysql and just web design in general. My question is do I really need to prevent against an SQL injection attack. The login to the site does not use SQL and i am using mysqli_query which will only allow one statement to be executed. And trying to do something where you make the where clause always true doesnt really do anything because once your on the site you can we the entire database anyway. As I said I am new to all this so do I need to prevent an SQL injection attack in my case?