I honestly find this to be overkill. And I know this is a difference in our coding style, but I see it as unnecessarily long and harder to read than my method of doing it. The easiest and fastest way to prevent this is to clean your queries and put your values in ''s. That way you cannot inject false values (' is escaped).
SELECT * FROM `table` WHERE `value` = '$value'
This is what the mysql manual says to do.
Last edited by Village Idiot : 02-25-2008 at 02:53 PM.
Either way, using ` is an easier way to secure your queries.
I do it all the time.
"The reasonable man adapts himself to the conditions that surround him... The unreasonable man adapts surrounding conditions to himself... All progress depends on the unreasonable man." - George Bernard Shaw