Comment Re:top 5 (Score 3, Informative) 106
php.net/mysqli has prepared statements, or you can use PEAR's MDB2:
* Prepare/execute (bind) named and unnamed placeholder emulation
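For contrast, the same user lookup written three ways: the injectable concatenation, the mysqli prepared statement the comment points to, and the PEAR MDB2 prepare/execute with a named placeholder. This is an added example, not code from the comment or from either project. It assumes a MySQL server on localhost with a database `app`, a table `users(id, name, email)` and the credentials shown; the attacker payload is constructed.

```php
<?php
// Added example. Assumes MySQL at localhost, database "app", user "app"/"secret",
// table users(id INT, name VARCHAR, email VARCHAR); PEAR MDB2 for part 3.

// Attacker-controlled input (constructed). The quote closes the string literal
// in the concatenated query below and turns the rest into SQL.
$name = isset($_GET['name']) ? $_GET['name'] : "x' OR '1'='1";

$db = new mysqli('localhost', 'app', 'secret', 'app');
if ($db->connect_error) {
    die('connect failed: ' . $db->connect_error);
}

// 1. Vulnerable: query text built from user input. For the payload above the
//    WHERE clause becomes  name = 'x' OR '1'='1'  and every row is returned.
$unsafe = "SELECT id, email FROM users WHERE name = '" . $name . "'";
// $db->query($unsafe);   // do not run this form with untrusted $name

// 2. mysqli prepared statement: query text and parameter are sent separately,
//    so $name is only ever a value, whatever characters it contains.
$stmt = $db->prepare('SELECT id, email FROM users WHERE name = ?');
$stmt->bind_param('s', $name);          // 's' = bind as string
$stmt->execute();
$stmt->bind_result($id, $email);        // works without mysqlnd, unlike get_result()
while ($stmt->fetch()) {
    printf("%d %s\n", $id, $email);
}
$stmt->close();

// 3. PEAR MDB2 with a named placeholder. Where the driver has no native prepared
//    statements MDB2 emulates them by quoting the value client-side; that is still
//    safe as long as the value goes through execute() and never into the SQL string.
require_once 'MDB2.php';
$mdb2 = MDB2::factory('mysqli://app:secret@localhost/app');
if (MDB2::isError($mdb2)) {
    die($mdb2->getMessage());
}
$sth = $mdb2->prepare('SELECT id, email FROM users WHERE name = :name',
                      array('text'), MDB2_PREPARE_RESULT);
$res = $sth->execute(array('name' => $name));
if (MDB2::isError($res)) {
    die($res->getMessage());
}
while ($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC)) {
    printf("%d %s\n", $row['id'], $row['email']);
}
$sth->free();
$db->close();
```

Two caveats worth keeping in mind with either library: placeholders bind values only, so a table name, column name or sort direction taken from the request still has to be checked against an allow-list rather than interpolated; and when placeholders are emulated by client-side quoting, the escaping is only as good as the connection's charset setting, so set it explicitly (for mysqli, `$db->set_charset('utf8')`) rather than relying on the server default.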