Be sure that $sql_database is never "mysql".

$name = $_GET['name'];
$sql = "SELECT * FROM foo WHERE name = '$name';

What happens if $name = "O'Henry"?
That will give you an error that you probably don't catch. But nastier things can be done with an extra apostrophe like that. PREPARE does not prevent it. mysql_real_escape_string() does.