I'm no expert on php, but I can't see how a SQL injection would bypass the prot function in any of those examples.