Yes, you can use prepared statements. They are a bit different than what you normally would do in PDO, but the usage is almost the same:

```php
// Typed placeholders such as {int:person} are escaped/validated by SMF
// before the query is sent; the alias "addr" is used instead of "add",
// which is a reserved word in MySQL.
$result = $smcFunc['db_query']('', '
    SELECT ppl.first_name, ppl.last_name, addr.city, addr.address
    FROM {db_prefix}people AS ppl
        LEFT JOIN {db_prefix}addresses AS addr ON (addr.id_address = ppl.id_address)
    WHERE ppl.id_person = {int:person}
        AND (ppl.middle_name = \'foo\' OR ppl.suffix != \'jr\')
        AND {bool:condition}',
    array(
        'person' => $id_person,
        'condition' => $condition,
    )
);
```

You can use the most common data types: int, string, array_int, array_string, date, float, identifier, etc. There's also the "raw" type for special cases where you might want to add raw SQL/data.
/Edit 16,000 posts!
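An added example (not from the post above) showing the same $smcFunc['db_query'] API with the array_int, string and identifier placeholder types, and reading the result back with $smcFunc['db_fetch_assoc'] / $smcFunc['db_free_result']. The table name, column names and the $ids / $sort_column inputs are assumptions for illustration.

```php
// Constructed inputs: imagine these came from the request unfiltered.
$ids         = array('3', '17', '42');   // array_int: each element is cast/validated as an integer
$name_prefix = "O'Brien";               // string: quoted and escaped by SMF, so the quote is safe
$sort_column = 'last_name';             // identifier: wrapped as a column name, not a value

// No value is ever concatenated into the SQL text; every placeholder
// is filled from the second argument according to its declared type.
// A value that does not match its type (e.g. 'abc' for {int:...})
// makes SMF abort the query with a database error instead of running it.
$request = $smcFunc['db_query']('', '
    SELECT id_person, first_name, last_name
    FROM {db_prefix}people
    WHERE id_person IN ({array_int:ids})
        AND last_name LIKE {string:prefix}
    ORDER BY {identifier:sort}',
    array(
        'ids'    => $ids,
        'prefix' => $name_prefix . '%',
        'sort'   => $sort_column,
    )
);

$people = array();
while ($row = $smcFunc['db_fetch_assoc']($request))
    $people[$row['id_person']] = $row['first_name'] . ' ' . $row['last_name'];
$smcFunc['db_free_result']($request);
```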
