Standardize: Convert 7 high-priority $conn->query() to prepared statements

Converted queries in:
- functions.php:
  * getTripCount() - Hardcoded query
  * getAvailableSpaces() - Two queries using $trip_id parameter (HIGH PRIORITY)

- blog.php:
  * Main blog list query - Hardcoded 'published' status

- course_details.php:
  * Driver training courses query - Hardcoded course type

- driver_training.php:
  * Future driver training dates query - Hardcoded course type

- events.php:
  * Upcoming events query - Hardcoded date comparison

- index.php:
  * Featured trips query - Hardcoded published status

All queries now use proper parameter binding via prepared statements.
Next: Convert remaining 15+ safe hardcoded queries for consistency.

events.php

@@ -88,10 +88,10 @@ include_once('header.php') ?>
                 </div>
 
                 <?php
-                // Query to retrieve data from the trips table
-                $sql = "SELECT event_id, date, time, name, image, description, feature, location, type, promo FROM events WHERE date > CURDATE() ORDER BY date ASC";
-
-                $result = $conn->query($sql);
+                // Query to retrieve upcoming events
+                $stmt = $conn->prepare("SELECT event_id, date, time, name, image, description, feature, location, type, promo FROM events WHERE date > CURDATE() ORDER BY date ASC");
+                $stmt->execute();
+                $result = $stmt->get_result();
 
                 if ($result->num_rows > 0) {
                     // Loop through each row