+ /**
+ * Escapes content by reference for insertion into the database, for security
+ * @param string $s
+ */
+ function escape_by_ref(&$s) {
+ $s = $this->escape($s);
+ }
+
+ /**
+ * Prepares a SQL query for safe use, using sprintf() syntax
+ */
+ function prepare($args=NULL) {
+ if ( NULL === $args )
+ return;
+ $args = func_get_args();
+ $query = array_shift($args);
+ $query = str_replace("'%s'", '%s', $query); // in case someone mistakenly already singlequoted it
+ $query = str_replace('"%s"', '%s', $query); // doublequote unquoting
+ $query = str_replace('%s', "'%s'", $query); // quote the strings
+ array_walk($args, array(&$this, 'escape_by_ref'));
+ return @vsprintf($query, $args);
+ }
+