php中mysql_real_escape_string+sprintf防止sql注入

function verify_key($db, $key)
{
$clientIp = $_SERVER["REMOTE_ADDR"];
$sql = sprintf("select *  from myweb_key where keydata = '%s'",mysql_real_escape_string($key));
$query = $db->mysql_query($sql);
if ($query) {
# code...
if ($db->column_num_rows($query) > 0) {
$result  = $db->mysql_getdata($query);
if ( $result['keydata'] == $key && $clientIp == $result['ip']) {
# code...
$array = ['status'=>'True', 'data'=>'the key is current'];
$array_to_json = json_encode($array);
return $array_to_json;
}
elseif ($clientIp != $result['ip'])
{
$array = ['status'=>'False',
'data'=>'you address ip  is  not current in database ,must key with ip current, then you scan seach the block ip'];
$array_to_json = json_encode($array)
4000
;
return $array_to_json;
}
}
else
{
$array = ['status'=>'False', 'data'=>'the key is  not found in column'];
$array_to_json = json_encode($array);
return $array_to_json;
}
}

}