Php on zend, how to escape a variable for a query?

Question

Hello, im doing some queries in Zend Framework and i need to make sure no SQL injection is possible in the next kind of formats. I can use mysql_escape(deprecated) and wont do all the work. If i try to use real_mysql_escape it wont be able to grab the conection with the database and i cant find how zend_filter would solve the problem.

The query im doing (simplied) have the next sintaxes:

 $db = Zend_Registry::get('db'); 
 $select = "SELECT COUNT(*) AS num
    FROM message m
    WHERE m.message LIKE '".$username." %'";
 $row = $db->fetchRow($select);

What is the best way to prevent SQL INJECTION with this framework?

Answer 1

$sql = 'SELECT * FROM messages WHERE username LIKE ?';
$row = $db->fetchRow($sql, $username);

Reference: http://framework.zend.com/manual/en/zend.db.html

Answer 2

Easy:

$db->quote($username);

So:

   $username = $db->quote($username . '%');
   $select = 'SELECT COUNT(*) AS num
                                FROM message m
                                WHERE m.message LIKE ' . $username;
   $row = $db->fetchRow($select);