Christopher Jones has posted about an update to the development for PHP 5.3 that makes escaping SQL even easier in scripts - NOWDOCS.

Escaping quotes or other meta characters in SQL can be painful unless you get lucky with your quoting style. [...] Even with PHP's "Heredoc" syntax something will need escaping, but with PHP 5.3's new "Nowdoc" syntax no escaping is needed.

The only difference between HEREDOC and NOWDOC is that the initial keyword (like the first END in this statement: <<<'END' text here END;) that can make worrying about complex quoting rules a thing of the past.

Rob Allen has posted about a small modification that he made to his Zend Framework setup that allows for a little safer echoing of information out to the View later of an application.

One of my biggest issues with using PHP as the templating engine in View scripts is that the easiest way to echo a variable is the least secure. [...] So, I decided to leverage a post by Mike Naberezny from a while ago about streams. The idea is all his; I just modified it to work with Zend Framework's Zend_View the way I wanted it to.

His method uses a slightly different output format - instead of using a normal echo statement to push out the escaped output, it uses a special syntax using the "@" sign as a shortcut to the call to escape(). He includes the code you'll need to make it work in your ZF install and explain it a bit (including where the real key lies - in stream_popen).