Here's a nice little article about a more OO way of handling SQL injection.