diff --git a/campsites.php b/campsites.php
index f3cff20f..05440ae6 100644
--- a/campsites.php
+++ b/campsites.php
@@ -3,7 +3,9 @@ $headerStyle = 'light';
 include_once('header.php');
 $conn = openDatabaseConnection();
-$result = $conn->query("SELECT * FROM campsites");
+$stmt = $conn->prepare("SELECT * FROM campsites");
+$stmt->execute();
+$result = $stmt->get_result();
 $campsites = [];
 while ($row = $result->fetch_assoc()) {
 $campsites[] = $row;
diff --git a/fetch_users.php b/fetch_users.php
index 1e1bcc19..3851e766 100644
--- a/fetch_users.php
+++ b/fetch_users.php
@@ -8,8 +8,9 @@ if ($conn->connect_error) {
 die(json_encode([])); // Return empty JSON on failure
 }
-$sql = "SELECT user_id, first_name, last_name FROM users ORDER BY first_name ASC";
-$result = $conn->query($sql);
+$stmt = $conn->prepare("SELECT user_id, first_name, last_name FROM users ORDER BY first_name ASC");
+$stmt->execute();
+$result = $stmt->get_result();
 $users = [];
 while ($row = $result->fetch_assoc()) {
diff --git a/functions.php b/functions.php
index 91fd2808..7ccbdacf 100644
--- a/functions.php
+++ b/functions.php
@@ -1544,10 +1544,12 @@ function countUpcomingTrips()
 // Open database connection
 $conn = openDatabaseConnection();
- $query = "SELECT COUNT(*) AS trip_count FROM trips WHERE published = 1 AND start_date > CURDATE()";
+ $stmt = $conn->prepare("SELECT COUNT(*) AS trip_count FROM trips WHERE published = ? AND start_date > CURDATE()");
+ $published = 1;
+ $stmt->bind_param("i", $published);
+ $stmt->execute();
-
- if ($result = $conn->query($query)) {
+ if ($result = $stmt->get_result()) {
 $row = $result->fetch_assoc();
 return (int)$row['trip_count'];
 } else {
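Review bot: The return values of `prepare()` and `execute()` in the campsites.php hunk are used unchecked, so a failed prepare ends in a method call on `false` (or an uncaught `mysqli_sql_exception` when mysqli exception reporting is on) rather than a handled error. The same pattern is in the fetch_users.php and get_campsites.php hunks; in fetch_users.php it would bypass the JSON contract that the connect-failure path keeps with `die(json_encode([]))`. None of these three statements contains request data, so the conversion does not change injection exposure and the unhandled failure path remains. A guard before `get_result()`, such as `if (!$stmt || !$stmt->execute()) { /* log server-side, return an empty result */ }`, would cover it.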
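Review bot: In countUpcomingTrips() a failed `prepare()` no longer reaches the `else` branch when mysqli is not in exception mode: the old `if ($result = $conn->query($query))` sent every query failure there, while the new code calls `bind_param()` and `execute()` on the statement before any check. Guarding first, e.g. `if (!$stmt || !$stmt->bind_param("i", $published) || !$stmt->execute()) { /* same handling as the else branch */ }`, keeps the previous behaviour. The getNextOpenDayDate() hunk has the same gap ahead of its `if ($result && ...)` test. Both function bodies continue outside their hunks, so the exact fallback is not visible here.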
@@ -1636,16 +1638,19 @@ function getUserIP()
 function getNextOpenDayDate() {
 $conn = openDatabaseConnection();
- $sql = "
+ $stmt = $conn->prepare("
 SELECT date FROM events
- WHERE name = '4WDCSA Open Day'
+ WHERE name = ?
 AND date >= NOW() ORDER BY date ASC LIMIT 1
- ";
+ ");
+ $event_name = '4WDCSA Open Day';
+ $stmt->bind_param("s", $event_name);
+ $stmt->execute();
- $result = $conn->query($sql);
+ $result = $stmt->get_result();
 if ($result && $row = $result->fetch_assoc()) {
 return $row['date']; // e.g. "2025-05-01 10:00:00"
diff --git a/get_campsites.php b/get_campsites.php
index ef444613..9c10d022 100644
--- a/get_campsites.php
+++ b/get_campsites.php
@@ -4,15 +4,15 @@ include_once('connection.php');
 include_once('functions.php');
 $conn = openDatabaseConnection();
-$sql = "SELECT
+$stmt = $conn->prepare("SELECT
 c.*, u.first_name, u.last_name, u.profile_pic FROM campsites c
- LEFT JOIN users u ON c.user_id = u.user_id";
-
-$result = $conn->query($sql);
+ LEFT JOIN users u ON c.user_id = u.user_id");
+$stmt->execute();
+$result = $stmt->get_result();
 $campsites = [];
 while ($row = $result->fetch_assoc()) {