diff --git a/blog.php b/blog.php index 9500c534..53e1c094 100644 --- a/blog.php +++ b/blog.php @@ -28,10 +28,10 @@ include_once('header.php') ?> } - 'index.php']]; - require_once('components/banner.php'); + 'index.php']]; + require_once('components/banner.php'); ?> @@ -41,9 +41,11 @@ include_once('header.php') ?>
query($sql); + // Query to retrieve data from blogs table + $stmt = $conn->prepare("SELECT blog_id, title, date, category, image, description, author, members_only, link FROM blogs WHERE status = ? ORDER BY date DESC"); + $stmt->bind_param("s", $status = 'published'); + $stmt->execute(); + $result = $stmt->get_result(); if ($result->num_rows > 0) { // Loop through each row diff --git a/course_details.php b/course_details.php index de16b643..d4963790 100644 --- a/course_details.php +++ b/course_details.php @@ -1,18 +1,21 @@ -query($sql); +$stmt = $conn->prepare("SELECT course_id, date FROM courses WHERE course_type = ?"); +$course_type = 'driver_training'; +$stmt->bind_param("s", $course_type); +$stmt->execute(); +$result = $stmt->get_result(); ?> - 'index.php']]; - require_once('components/banner.php'); + 'index.php']]; + require_once('components/banner.php'); ?> diff --git a/driver_training.php b/driver_training.php index 3f904b40..9470454f 100644 --- a/driver_training.php +++ b/driver_training.php @@ -1,15 +1,17 @@ -prepare("SELECT course_id, date FROM courses - WHERE course_type = 'driver_training' - AND date >= CURDATE()"; - -$result = $conn->query($sql); + WHERE course_type = ? + AND date >= CURDATE()"); +$course_type = 'driver_training'; +$stmt->bind_param("s", $course_type); +$stmt->execute(); +$result = $stmt->get_result(); $page_id = 'driver_training'; ?> @@ -24,10 +26,10 @@ $page_id = 'driver_training'; padding: 8px; font-size: 16px; } - 'index.php']]; - require_once('components/banner.php'); + 'index.php']]; + require_once('components/banner.php'); ?> diff --git a/events.php b/events.php index 82dd07cd..435ab845 100644 --- a/events.php +++ b/events.php @@ -88,10 +88,10 @@ include_once('header.php') ?>
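Review bot: In the blog.php query hunk, `bind_param` is given the assignment expression `$status = 'published'` as its second argument, but mysqli binds these arguments by reference and expects a plain variable. Depending on the PHP version, this likely raises an "Only variables should be passed by reference" notice or an Error about an argument that could not be passed by reference. The other files in this commit assign the variable first and then bind it. Doing the same here keeps the page working and consistent: `$status = 'published';` followed by `$stmt->bind_param("s", $status);`. The surrounding page code continues outside the hunk.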
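Review bot: In course_details.php the return value of `$conn->prepare(...)` is used without a check, and the same pattern repeats in the blog.php, driver_training.php, events.php, functions.php and index.php hunks. If mysqli is not in exception mode (the connection setup is not visible here), a failed prepare returns `false` and the following `$stmt->bind_param(...)` is a fatal call on a non-object. I would add a guard right after each prepare, such as `if ($stmt === false) { error_log($conn->error); http_response_code(500); exit; }`, which logs the driver error server-side instead of echoing it, so schema details do not reach the page. Also note that `get_result()` is only available with the mysqlnd driver, which is worth confirming for the deployment target.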
CURDATE() ORDER BY date ASC"; - - $result = $conn->query($sql); + // Query to retrieve upcoming events + $stmt = $conn->prepare("SELECT event_id, date, time, name, image, description, feature, location, type, promo FROM events WHERE date > CURDATE() ORDER BY date ASC"); + $stmt->execute(); + $result = $stmt->get_result(); if ($result->num_rows > 0) { // Loop through each row diff --git a/functions.php b/functions.php index 6e12222c..91fd2808 100644 --- a/functions.php +++ b/functions.php @@ -31,9 +31,12 @@ function getTripCount() // Database connection $conn = openDatabaseConnection(); - // SQL query to count the number of rows - $sql = "SELECT COUNT(*) AS total FROM trips WHERE published = 1 AND start_date > CURDATE()"; - $result = $conn->query($sql); + // SQL query to count the number of upcoming trips + $stmt = $conn->prepare("SELECT COUNT(*) AS total FROM trips WHERE published = ? AND start_date > CURDATE()"); + $published = 1; + $stmt->bind_param("i", $published); + $stmt->execute(); + $result = $stmt->get_result(); // Fetch the count from the result if ($result->num_rows > 0) { @@ -918,8 +921,10 @@ function getAvailableSpaces($trip_id) $trip_id = intval($trip_id); // Step 1: Get the vehicle capacity for the trip from the trips table - $query = "SELECT vehicle_capacity FROM trips WHERE trip_id = $trip_id"; - $result = $conn->query($query); + $stmt = $conn->prepare("SELECT vehicle_capacity FROM trips WHERE trip_id = ?"); + $stmt->bind_param("i", $trip_id); + $stmt->execute(); + $result = $stmt->get_result(); // Check if the trip exists if ($result->num_rows === 0) { 
@@ -931,8 +936,10 @@ function getAvailableSpaces($trip_id) $vehicle_capacity = $trip['vehicle_capacity']; // Step 2: Get the total number of booked vehicles for this trip from the bookings table - $query = "SELECT SUM(num_vehicles) as total_booked FROM bookings WHERE trip_id = $trip_id"; - $result = $conn->query($query); + $stmt = $conn->prepare("SELECT SUM(num_vehicles) as total_booked FROM bookings WHERE trip_id = ?"); + $stmt->bind_param("i", $trip_id); + $stmt->execute(); + $result = $stmt->get_result(); // Fetch the total number of vehicles booked $bookings = $result->fetch_assoc(); diff --git a/index.php b/index.php index e571582a..53cd6f7d 100644 --- a/index.php +++ b/index.php @@ -83,12 +83,15 @@ if (countUpcomingTrips() > 0) { ?>
prepare("SELECT trip_id, trip_name, location, short_description, start_date, end_date, vehicle_capacity, cost_members, places_booked FROM trips - WHERE published = 1 + WHERE published = ? ORDER BY trip_id DESC - LIMIT 4"; - $result = $conn->query($sql); + LIMIT 4"); + $published = 1; + $stmt->bind_param("i", $published); + $stmt->execute(); + $result = $stmt->get_result(); if ($result->num_rows > 0) { // Loop through each row