SafeSQL is an SQL query processor that automates the tedious parts of building queries: syntax testing, escaping values against injection attacks, dropping parts of a query when their values are empty, and other miscellaneous features. It has only been tested with MySQL syntax, but any ANSI SQL-92 compliant database library should work.
// load the library (file name as shipped in the SafeSQL distribution)
require_once 'SafeSQL.class.php';
// dummy up a variable with a single quote in it
$section_name = "fred's place";
// run the query through SafeSQL
$safesql =& new SafeSQL_MySQL;
$query_string = $safesql->query("select * from sections
where Section_Name = '%s'", array($section_name));
// $query_string now contains the escaped quote:
select * from sections where Section_Name = 'fred\'s place'
// $query_string is now safe to pass to your SQL library
What's New in This Release:
· This release adds %n and %N for handling quoted and non-quoted NULL values.
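The example above and the %n/%N release note describe the same placeholder contract. The following is an added illustration written for this page, not SafeSQL's own code: a toy formatter (hypothetical names toy_escape and toy_query) that mirrors %s (escaped, caller supplies the quotes), %n (quoted string or NULL) and %N (bare value or NULL), assuming that an empty string and null both mean "no value" for the two NULL placeholders.

```php
<?php
// Added illustration, not SafeSQL's own code: a toy formatter that mirrors the
// contract of the three placeholders discussed above (%s, %n, %N) so the
// escaping and NULL handling can be seen in isolation. Use SafeSQL or your
// driver's charset-aware escape function (e.g. mysqli_real_escape_string) in
// real code; the byte-based escaping here is only for reading.

function toy_escape($value) {
    // Backslash first, then the single quote: "fred's place" -> fred\'s place,
    // so the value can no longer close the quotes the caller put around %s.
    return str_replace(array('\\', "'"), array('\\\\', "\\'"), (string) $value);
}

function toy_query($format, array $args) {
    $i = 0;
    return preg_replace_callback('/%([snN])/', function ($m) use ($args, &$i) {
        $value = $args[$i++];
        $empty = ($value === null || $value === '');   // assumed "no value" rule
        switch ($m[1]) {
            case 's':  // escaped string; the caller supplies the quotes (as on this page)
                return toy_escape($value);
            case 'n':  // quoted NULL: NULL when empty, otherwise a quoted, escaped string
                return $empty ? 'NULL' : "'" . toy_escape($value) . "'";
            case 'N':  // non-quoted NULL: NULL when empty, otherwise a bare numeric literal
                if ($empty) return 'NULL';
                if (!is_numeric($value)) throw new InvalidArgumentException('%N expects a number');
                return (string) ($value + 0);
            default:
                return $m[0];
        }
    }, $format);
}

// Constructed sample values
$section_name = "fred's place";
$nickname = '';   // empty string -> NULL via %n
$age = null;      // missing -> NULL via %N
$id = 7;

echo toy_query("select * from sections where Section_Name = '%s'", array($section_name)), "\n";
// select * from sections where Section_Name = 'fred\'s place'

echo toy_query("update users set Nickname = %n, Age = %N where Id = %N",
               array($nickname, $age, $id)), "\n";
// update users set Nickname = NULL, Age = NULL where Id = 7
```

The second query shows why the two NULL forms exist: a text column needs its quotes supplied only when a value is present, while a numeric column must never be quoted, and neither case can be expressed with a plain %s.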