This is not safe you have to use pdo for query to secure sql-injections. here good document avilabe to prevent sql injections
url : https://paragonie.com/blog/2015/05/preventing-sql-injection-in-php-applications-easy-and-definitive-guide
Is there any good topic to know how to test script for SQL injections?
I find the OWASP site helpful eg.
I find these links rather misleading.First one tells you to "Escape All User Supplied Input" which is a nonsense.The second one tells you nothing on how to test but only how to exploit an already found vulnerability.
As a testing tool I would rather recommend http://sqlmap.org
Thanks will take a look on it!