I honestly find this to be overkill. And I know this is a difference in our coding style, but I see it as unnecessarily long and harder to read than my method of doing it. The easiest and fastest way to prevent this is to clean your queries and put your values in ''s. That way you cannot inject false values (' is escaped).
SELECT * FROM `table` WHERE `value` = '$value'
This is what the mysql manual says to do.
Last edited by Village Idiot : 02-25-2008 at 02:53 PM.
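As an added example, not code from this post or its thread: a small Python script that builds the query above with MySQL-style escaping (the rules of mysql_real_escape_string, with NUL, newline, carriage return, backslash, both quote characters and Ctrl-Z escaped) and then reads the result back the way MySQL's parser reads a single-quoted literal, to check that the whole value lands inside that one literal. The helper names are my own, and it assumes a connection character set (ASCII or UTF-8) for which these byte-level escape rules are sufficient; as the post says, the guarantee only applies when the value is placed inside quotes.

```python
# Added example, not the poster's code: what "escape the value and put it in ''s"
# buys you, checked by re-parsing the built query the way MySQL would.
# Escape rules follow mysql_real_escape_string (ASCII/UTF-8 connection assumed).

MYSQL_ESCAPES = {
    "\0": "\\0",
    "\n": "\\n",
    "\r": "\\r",
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\x1a": "\\Z",
}

# Reverse mapping used when reading a literal back; unknown \x sequences read as x.
MYSQL_UNESCAPES = {"0": "\0", "n": "\n", "r": "\r", "Z": "\x1a"}


def escape_mysql(value: str) -> str:
    """Escape a string the way mysql_real_escape_string does."""
    return "".join(MYSQL_ESCAPES.get(ch, ch) for ch in value)


def build_query(value: str) -> str:
    """The poster's pattern: the escaped value placed inside single quotes."""
    return "SELECT * FROM `table` WHERE `value` = '%s'" % escape_mysql(value)


def string_literals(query: str) -> list:
    """Return the decoded contents of every single-quoted literal in `query`.

    Backslash escapes and doubled quotes ('') are handled the way MySQL reads
    them. Raises ValueError if a literal is never closed.
    """
    literals, i, n = [], 0, len(query)
    while i < n:
        if query[i] != "'":
            i += 1
            continue
        i += 1  # skip the opening quote
        buf = []
        while i < n:
            ch = query[i]
            if ch == "\\" and i + 1 < n:
                nxt = query[i + 1]
                buf.append(MYSQL_UNESCAPES.get(nxt, nxt))
                i += 2
            elif ch == "'":
                if i + 1 < n and query[i + 1] == "'":
                    buf.append("'")  # '' inside a literal is a literal quote
                    i += 2
                else:
                    i += 1  # closing quote
                    break
            else:
                buf.append(ch)
                i += 1
        else:
            raise ValueError("unterminated string literal")
        literals.append("".join(buf))
    return literals


def value_stays_a_literal(value: str) -> bool:
    """True if the whole value is the one and only string literal in the query."""
    return string_literals(build_query(value)) == [value]


if __name__ == "__main__":
    # Constructed sample inputs, including a name with an apostrophe and a path.
    for sample in ["plain", "O'Reilly", "C:\\temp\\new"]:
        print(build_query(sample), "->", value_stays_a_literal(sample))
```

The check in `value_stays_a_literal` is the property the post relies on: after escaping, no character of the value can end the quoted literal early, so the parser sees exactly one literal whose decoded contents equal the original input.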