So I'm a slightly seasoned PHP developer and have been 'doin the damn thing' since 2007; however, I am still relatively n00bish when it comes to securing my applications.
AFAIK, PHP/MySQL doesn't usually have parameterized queries.
Using sprintf() with mysql_real_escape_string() should work pretty well. If you use appropriate format strings for sprintf() (e.g. "%d" for integers) you should be pretty safe.
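Added example, not code from the answer above: the sprintf() pattern the answer describes, written against mysqli because the mysql_* functions it names were removed in PHP 7.0, followed by the prepared-statement form that mysqli (and PDO) do provide. It assumes `$mysqli` is an already-open mysqli connection to your own database; `build_query()` is a hypothetical helper.

```php
<?php
// Assumes $mysqli is an open mysqli connection (not created here).
// Escaping is charset-aware, so set the connection charset before use.
$mysqli->set_charset('utf8mb4');

/**
 * Build a query the way the answer describes: a fixed format string plus
 * values that are coerced or escaped before sprintf() interpolates them.
 * Integers are passed through for "%d"; everything else is escaped with the
 * driver's escaping function and is expected to land inside single quotes
 * in the format string, e.g. "... WHERE email = '%s'".
 */
function build_query(mysqli $mysqli, string $format, ...$args): string
{
    $safe = [];
    foreach ($args as $arg) {
        $safe[] = is_int($arg) ? $arg : $mysqli->real_escape_string((string) $arg);
    }
    return vsprintf($format, $safe);
}

// Constructed request values standing in for $_GET input.
$id    = "7 OR 1=1";          // non-numeric tail is dropped by the (int) cast
$email = "o'neil@example.com"; // embedded quote must be escaped

// "%d" with an int cast: only the integer 7 reaches the query.
$sqlById = build_query($mysqli, 'SELECT name FROM users WHERE id = %d', (int) $id);
// -> SELECT name FROM users WHERE id = 7

// "%s" only works when the format string supplies the quotes around it;
// a bare %s would leave the escaped value unquoted and still injectable.
$sqlByEmail = build_query($mysqli, "SELECT name FROM users WHERE email = '%s'", $email);
// -> SELECT name FROM users WHERE email = 'o\'neil@example.com'

$result = $mysqli->query($sqlByEmail);

// Same lookup as a mysqli prepared statement: the value is bound separately
// from the SQL text, so no quoting or escaping of the input is needed.
$stmt = $mysqli->prepare('SELECT name FROM users WHERE email = ?');
$stmt->bind_param('s', $email);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
```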