Between several posts, the pros/cons of using a framework/library/whatever vs. creating your own from scratch were covered. Regardless of which you pick, here are some tips that you'll find useful.
For using someone else's code:
Be sure to suppress all warnings and errors. It's easy, but very helpful, as blind SQL injection is much harder. If an exploit is found, whatever minor differences you have from the original code (different number of columns, renamed columns, table prefix, etc.) should hold off any attacks until an update is released. The bad code is still there; it's just much harder to exploit.
For creating your own code from scratch:
Create a class or set of functions that handle all database stuff. Have one function that handles all the character escaping and whatnot. Another for HTML encoding, if your users' input is being posted back on the site. Protip for the lazy: at the beginning of your script, iterate through all of the user input variables, and directly change them to make them safe for SQL. You won't have to worry about it for the rest of the script. I don't like doing this but it's a nice quick-fix when you don't have time to go through your code thoroughly.
For both:
Use privileges to your advantage! Once your site is set up, there's a good chance you won't be using things like CREATE or DROP, so remove these privileges. Hell, you can even create 3-4 users and use them in different parts of your script: for an "update profile" script, allow UPDATE but not INSERT; for a "post blog reply" script, allow INSERT but not UPDATE; etc.
Write all SQL errors to a file that only you have access to. Be sure to log the URI as well; at least you'll know what causes the problem. If you created the script, you can now fix it with ease. If you are using someone else's script, you can patch it until an update is rolled out.
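The per-script database accounts described above, written out as an added example that is not part of the original post. It assumes MySQL syntax; the database `blog`, its tables and columns, the account names and the placeholder passwords are all hypothetical. The column-level UPDATE grant goes one step further than the post suggests.

```sql
-- Added example, MySQL syntax assumed. Every name below is hypothetical.
CREATE DATABASE blog;
CREATE TABLE blog.users (
    id INT PRIMARY KEY, display_name VARCHAR(64), bio TEXT, is_admin TINYINT
);
CREATE TABLE blog.replies (
    id INT PRIMARY KEY AUTO_INCREMENT, post_id INT, user_id INT, body TEXT
);

-- Weak starting point: one account with every privilege, used everywhere.
CREATE USER 'blog_app'@'localhost' IDENTIFIED BY 'CHANGE_ME_0';
GRANT ALL PRIVILEGES ON blog.* TO 'blog_app'@'localhost';

-- Once the site is set up, take the schema-changing privileges away.
REVOKE CREATE, DROP, ALTER ON blog.* FROM 'blog_app'@'localhost';

-- Pages that only display content: read access and nothing else.
CREATE USER 'blog_read'@'localhost' IDENTIFIED BY 'CHANGE_ME_1';
GRANT SELECT ON blog.* TO 'blog_read'@'localhost';

-- "Update profile" script: UPDATE but not INSERT, and only on the columns
-- a user may edit, so an injected query cannot set is_admin.
CREATE USER 'blog_profile'@'localhost' IDENTIFIED BY 'CHANGE_ME_2';
GRANT SELECT, UPDATE (display_name, bio) ON blog.users
    TO 'blog_profile'@'localhost';

-- "Post blog reply" script: INSERT but not UPDATE or DELETE.
CREATE USER 'blog_reply'@'localhost' IDENTIFIED BY 'CHANGE_ME_3';
GRANT SELECT, INSERT ON blog.replies TO 'blog_reply'@'localhost';

-- Check what each account ended up with.
SHOW GRANTS FOR 'blog_app'@'localhost';
SHOW GRANTS FOR 'blog_profile'@'localhost';
SHOW GRANTS FOR 'blog_reply'@'localhost';
```

Each script then connects with its own account, so a statement outside that account's grants fails with a permission error that lands in the SQL error log.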