>Who cares if someone enters www.site.com/product.php?product=wrongproduct


Would you care if someone deleted all your database, just for fun?

If you don't care, then don't worry about SQL injection.

>I am going to use a Mod Rewrite so there will be no way of knowing what the original URL is, right?

As long as EVERY query string is rewritten, even malformed ones which could be SQL injectiion

Good luck,
Barry.