I have this line:

\[code\]$sql = "UPDATE votes SET up=up+1 WHERE id='{$p}'";\[/code\]

Now from what I've read, one way of SQL injection is caused by not "closing" SQL queries properly, which allows hackers to add additional info.

So my question is: is that line safe? To me the \[code\]up=up+1\[/code\] has not been "closed", but if I set it like this, \[code\]up='up+1'\[/code\], which to me makes it "closed", it does not work.

The row up type is \[code\]int(11)\[/code\], if that makes any difference.

Update:

\[code\]$p\[/code\] is sanitized with a function:

\[code\]
function sanitize($foo) {
    // Undo magic_quotes_gpc escaping first so the value is not escaped twice.
    if (get_magic_quotes_gpc() == true) {
        $foo = stripslashes($foo);
    }
    // HTML-encode the value, then escape it for use inside a quoted SQL string.
    return mysql_real_escape_string(htmlspecialchars($foo));
}
\[/code\]
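
Added example, not part of the original post: the same UPDATE written with a bound parameter, showing that `up = up + 1` is fixed SQL text and only the id is user data. It assumes PDO with an in-memory SQLite database in place of the poster's MySQL connection; `castVote()` is a hypothetical helper and the inputs are constructed.

```php
<?php
// Added example. Assumptions: PDO with an in-memory SQLite database stands in
// for the poster's MySQL server; castVote() is a hypothetical helper.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE votes (id INTEGER PRIMARY KEY, up INTEGER NOT NULL DEFAULT 0)');
$pdo->exec('INSERT INTO votes (id, up) VALUES (1, 5), (2, 7)');

/**
 * Increment the vote counter for one row and return the number of rows changed.
 *
 * "up = up + 1" is a column expression written by the developer, so it carries
 * no user data and needs no quoting; in quotes it would be the string literal
 * 'up+1' rather than arithmetic. Only the id comes from the request, and it is
 * sent as a bound parameter instead of being pasted into the SQL string.
 */
function castVote(PDO $pdo, $rawId): int
{
    // Reject anything that is not a plain positive integer before querying.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;
    }

    $stmt = $pdo->prepare('UPDATE votes SET up = up + 1 WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount();
}

// Constructed sample inputs: one valid id, one string that is not an integer.
$inputs = ['1', "1' OR '1'='1"];
foreach ($inputs as $input) {
    printf("input %-16s rows updated: %d\n", var_export($input, true), castVote($pdo, $input));
}

// Show the table afterwards: only the row named by the valid id has changed.
foreach ($pdo->query('SELECT id, up FROM votes ORDER BY id') as $row) {
    printf("id=%d up=%d\n", $row['id'], $row['up']);
}
```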