A nice feature of Zend Framework (ZF) is its robust database adapter. Although some work is still needed to extend the functionality (ORM?) and I encounter some strange bugs when working with multiple tables, the Zend_Db package is already a good solution for my CRUD application.
In Zend_Db_Adapter_Abstract, there is a method called quoteInto() which quotes a value and inserts it into an SQL fragment in place of the ? placeholder. It is most often used to build a WHERE clause, like:
$where = $db->quoteInto('name = ?','John Doe');
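The following is an added example, not code from the original post, showing what quoteInto() does to a value that contains a quote character, compared with plain string concatenation. It assumes Zend Framework 1 is on the include_path and the pdo_sqlite extension is loaded; the users table and its rows are constructed for the illustration.

```php
<?php
// Added example, not from the original post. Assumes Zend Framework 1 is on
// the include_path and pdo_sqlite is loaded; the users table is constructed.
require_once 'Zend/Db.php';

$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->insert('users', array('name' => 'John Doe'));
$db->insert('users', array('name' => "Conan O'Brien"));

// Constructed input: the apostrophe is an SQL string delimiter.
$input = "Conan O'Brien";

// Concatenation: the apostrophe ends the literal early and the rest of the
// value is parsed as SQL, so the statement is rejected by the database.
$concatenated = "name = '" . $input . "'";
try {
    $db->fetchAll('SELECT id FROM users WHERE ' . $concatenated);
    echo "concatenated: ran\n";
} catch (Exception $e) {
    echo "concatenated: rejected (", get_class($e), ")\n";
}

// quoteInto(): the value is escaped and wrapped in quotes by the adapter
// before it replaces the ? placeholder, so it stays a single string literal.
$where = $db->quoteInto('name = ?', $input);
echo $where, "\n";
print_r($db->fetchCol('SELECT id FROM users WHERE ' . $where));

// An array value is quoted element by element and joined with commas.
$whereIn = $db->quoteInto('name IN (?)', array('John Doe', $input));
echo $whereIn, "\n";
print_r($db->fetchCol('SELECT id FROM users WHERE ' . $whereIn));

// Passing a type forces a numeric cast instead of string quoting.
$whereId = $db->quoteInto('id = ?', '2abc', Zend_Db::INT_TYPE);
echo $whereId, "\n";
```

quoteInto() only protects the value it substitutes; the SQL fragment passed as its first argument must still be a constant written by the developer, never built from request data.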