// | Update: 2005-02-02 11:01 // | // | Handle SQL injection elegantly, inspired by Chung Leon on comp.lang.php // +--------------------------------------------------------------------------- function sql() { $args = func_get_args(); $format = array_shift($args); if (!get_magic_quotes_gpc()) { for ($i = 0; $i < count($args); ++$i) { $args[$i] = mysql_real_escape_string($args[$i]); } } return vsprintf($format, $args); } $sql = sql("SELECT * FROM foo WHERE bar = %d", $id); ?>