php中mysql_real_escape_string+sprintf防止sql注入

    function verify_key($db, $key)    {        $clientIp = $_SERVER["REMOTE_ADDR"];         $sql = sprintf("select *  from myweb_key where keydata = '%s'",mysql_real_escape_string($key));        $query = $db->mysql_query($sql);        if ($query) {            # code...            if ($db->column_num_rows($query) > 0) {                $result  = $db->mysql_getdata($query);                if ( $result['keydata'] == $key && $clientIp == $result['ip']) {                    # code...                    $array = ['status'=>'True', 'data'=>'the key is current'];                    $array_to_json = json_encode($array);                    return $array_to_json;                }                elseif ($clientIp != $result['ip'])                 {                    $array = ['status'=>'False',                         'data'=>'you address ip  is  not current in database ,must key with ip current, then you scan seach the block ip'];                    $array_to_json = json_encode($array);                    return $array_to_json;                }            }            else            {                    $array = ['status'=>'False', 'data'=>'the key is  not found in column'];                    $array_to_json = json_encode($array);                    return $array_to_json;            }                       }    }