I thought I might make a few “helper” classes for writing SQL (both in AS3 for AIR and in PHP), but I keep running into a problem.
First, this is the class that works just fine in my mind:
var details:String = "I like to hack! '; DROP TABLE users WHERE (1);--";
new SQLInsert(db.tables.users, {first_name:"Andreas", last_name:"Renberg", details:details, emailNotifications:true, registered:new Date()});
The insert will automatically escape the necessary characters, since there is a clear separation between field names and values.
The problem comes in with the “WHERE” part. I can’t find any good way of coding it without making the “conditions” into Strings. I don’t like that.
var where:SQLWhere = new SQLWhere("id=5", "age>40", "banned=false");
new SQLSelect(["id", "first_name", "last_name"], where);
Also, I don’t like using an array of strings in the first part of the SELECT, but oh well. That one seems unavoidable.
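One way to keep the WHERE part out of string territory, as an added example that is not the poster's code: conditions are passed as structured objects and come back as a placeholder query plus a separate parameter list, written in JavaScript as the ECMAScript cousin of the AS3 sketch above. The names buildWhere, buildSelect and ident are assumptions for this example; the parameter list is what you would hand to SQLStatement.parameters in AIR or to a PDO prepare/execute in PHP.

```javascript
// Added example (not the poster's code). Structured WHERE builder: values never
// touch the SQL text, they are returned as bind parameters for a prepared statement.
const ALLOWED_OPS = new Set(["=", "<>", "<", "<=", ">", ">=", "LIKE"]);
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Field and table names cannot be bound as parameters, so the only defence for
// them is a strict whitelist: plain identifiers only, anything else is rejected.
function ident(name) {
  if (typeof name !== "string" || !IDENT.test(name)) {
    throw new Error(`invalid identifier: ${JSON.stringify(name)}`);
  }
  return name;
}

// Build " WHERE a = ? AND b > ?" from [{ field, op, value }, ...].
// Returns { sql, params }; an empty condition list yields no WHERE clause.
function buildWhere(conditions) {
  const parts = [];
  const params = [];
  for (const c of conditions) {
    if (!ALLOWED_OPS.has(c.op)) throw new Error(`unsupported operator: ${c.op}`);
    parts.push(`${ident(c.field)} ${c.op} ?`);
    params.push(c.value);
  }
  return { sql: parts.length ? ` WHERE ${parts.join(" AND ")}` : "", params };
}

// SELECT with a validated column list (the array of names is still needed, but it
// is checked, not concatenated blindly) and the structured WHERE appended.
function buildSelect(table, columns, conditions = []) {
  const cols = columns.map(ident).join(", ");
  const where = buildWhere(conditions);
  return { sql: `SELECT ${cols} FROM ${ident(table)}${where.sql}`, params: where.params };
}

// Constructed sample: the hostile "details" value from the post used as a WHERE value.
const hostile = "I like to hack! '; DROP TABLE users WHERE (1);--";
const q = buildSelect("users", ["id", "first_name", "last_name"], [
  { field: "id", op: "=", value: 5 },
  { field: "age", op: ">", value: 40 },
  { field: "details", op: "=", value: hostile },
]);
// q.sql    -> "SELECT id, first_name, last_name FROM users WHERE id = ? AND age > ? AND details = ?"
// q.params -> [5, 40, hostile]; the hostile text reaches the driver as data, never as SQL.
```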