Well, I created this function a while back but it's still invaluable to people who generate queries. If you're familiar with sprintf and use it to put your variables into your MySQL queries, then you can use it instead of calling mysql_real_escape_string on every param. For example, suppose you have
PHP Code:
// Every value is escaped by hand before it reaches sprintf.
$query = sprintf("INSERT INTO
`users`
(`firstname`, `lastname`, `address1`, `zipcode`)
VALUES
('%s', '%s', '%s', '%s')",
    mysql_real_escape_string($firstname),
    mysql_real_escape_string($flastname),
    mysql_real_escape_string($address1),
    mysql_real_escape_string($zipcode)
);
You could convert it to just
PHP Code:
// Same query: mressf() escapes each value before formatting.
$query = mressf("INSERT INTO
`users`
(`firstname`, `lastname`, `address1`, `zipcode`)
VALUES
('%s', '%s', '%s', '%s')",
    $firstname,
    $flastname,
    $address1,
    $zipcode
);
and it would escape all the values for you.

Here is the function
PHP Code:
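function mressf()
{
    // First argument is the sprintf format string, the rest are the values.
    $args = func_get_args();
    if (count($args) < 2)
        return false;

    // Take the format string off the front and escape every remaining value.
    $query = array_shift($args);
    $args = array_map('mysql_real_escape_string', $args);

    // Put the format string back and hand everything to sprintf.
    array_unshift($args, $query);
    $query = call_user_func_array('sprintf', $args);
    return $query;
}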

The sprintf mysql_real_escape_string function can also be found here

I hope this is of help to some of you
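
An added example, not part of the original post: a helper like mressf() only protects values whose placeholder sits inside quotes in the format string, which is why every `%s` in the queries above is written as `'%s'`. The script below shows the same value in a quoted placeholder, an unquoted one, and a `%d` placeholder for a numeric column. Assumptions: `demo_escape()` is a stand-in for mysql_real_escape_string() so the script runs without a database connection, `mressf_with()` is a hypothetical variant of the function above, and the `id` column is invented for the demonstration.

```php
<?php
// Added example. demo_escape() is a stand-in for mysql_real_escape_string()
// (assumption: it backslash-escapes the characters the PHP manual lists for
// that function) so the script runs without a database connection.
function demo_escape($value)
{
    return strtr((string) $value, array(
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'"  => "\\'",  '"'  => '\\"', "\x1a" => "\\Z",
    ));
}

// Hypothetical variant of mressf() that takes the escaper as a parameter.
function mressf_with($escaper, $format, array $values)
{
    return vsprintf($format, array_map($escaper, $values));
}

// Constructed sample values.
$lastname = "O'Brien";   // contains a quote
$id       = "0 OR 1=1";  // contains nothing the escaper touches

// 1. Quoted '%s': the quote is escaped, the value stays inside the literal.
$quoted = mressf_with('demo_escape',
    "SELECT * FROM `users` WHERE `lastname` = '%s'", array($lastname));

// 2. Unquoted %s: escaping leaves the value unchanged, so it is parsed as
//    SQL rather than as data. Escaping only protects quoted placeholders.
$unquoted = mressf_with('demo_escape',
    "SELECT * FROM `users` WHERE `id` = %s", array($id));

// 3. Numeric column done safely: %d makes sprintf cast the value to an int.
$numeric = mressf_with('demo_escape',
    "SELECT * FROM `users` WHERE `id` = %d", array($id));

foreach (array($quoted, $unquoted, $numeric) as $sql) {
    echo $sql, "\n";
}
```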