Dejo un código de ejemplo:
Código PHP:
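// Open the connection. The arguments were elided in the original example.
$link = mysql_connect( /* ....... connection parameters ....... */ );

// Query template: %d and '%s' are vsprintf() placeholders that sql_execute()
// fills in. The string placeholder must stay wrapped in quotes here, because
// escaping a value only protects it when it lands inside a quoted literal.
$sql = "insert into tabla set dato = %d, otro ='%s' ";

// Values for the placeholders, in the same order as they appear in $sql.
$params = array(5, 'un string');

// __FILE__ / __LINE__ identify this call site to sql_execute().
sql_execute( $sql, $link, $params, __FILE__, __LINE__ );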
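/**
 * Fill the printf-style placeholders of $sql with escaped values and run the query.
 *
 * Each entry of $params is escaped with mysql_real_escape_string() on the given
 * link before vsprintf() substitutes it. Unlike addslashes(), that function
 * takes the connection's character set into account, so a multibyte sequence
 * cannot be used to slip an unescaped quote into the statement.
 *
 * Escaping only protects a value that lands inside a quoted '%s' or in a numeric
 * conversion such as %d; an unquoted %s in the template remains injectable.
 * Identifiers (table or column names) must never be passed through $params.
 *
 * NOTE: the mysql_* extension was removed in PHP 7.0. On current PHP the
 * equivalent is a prepared statement through mysqli or PDO, which removes the
 * need for manual escaping altogether.
 *
 * @param string   $sql     Query template with vsprintf() placeholders.
 * @param resource $db_link Link returned by mysql_connect().
 * @param array    $params  Values for the placeholders, in order; may be empty.
 * @param string   $file    Caller's __FILE__, written to the error log on failure.
 * @param int      $line    Caller's __LINE__, written to the error log on failure.
 *
 * @return void Terminates the script with empty output when the query fails.
 */
function sql_execute( $sql, $db_link, $params, $file, $line ) {
    if ($params) {
        foreach ($params as $idx => $param) {
            // Escape against the live connection so its charset is honoured.
            $params[$idx] = mysql_real_escape_string($param, $db_link);
        }
        $sql = vsprintf($sql, $params);
    }

    if (!mysql_query($sql, $db_link)) {
        // Record the failure server-side with the call site; the client still
        // receives an empty response so no database detail is disclosed.
        error_log(sprintf(
            'sql_execute failed at %s:%d: %s',
            $file,
            $line,
            mysql_error($db_link)
        ));
        die('');
    }
}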