Hi there, I'm just checking that this will actually secure MySQL:
if ($HTTP_POST_VARS) foreach($HTTP_POST_VARS as $key => $val) $$key = mysql_escape_string($val);
if ($HTTP_GET_VARS) foreach($HTTP_GET_VARS as $key => $val) $$key = mysql_escape_string($val);
So that if I did INSERT INTO ..... ='$somevar' and $somevar contained a nasty string it'd be OK.
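Added example, not part of the original post: the same INSERT done by reading only the expected fields and binding them to a prepared statement, instead of escaping every request variable into `$$key`. It assumes PDO with an in-memory SQLite database standing in for MySQL; the table, the field names and the helper functions are hypothetical.

```php
<?php
// Added example: bind values instead of escaping every request variable.
// Assumptions: PDO + in-memory SQLite stands in for MySQL; the users table,
// the name/age fields and all function names are hypothetical.

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (name TEXT NOT NULL, age INTEGER NOT NULL)');
    return $db;
}

// Read only the fields the form is expected to send. Unlike $$key = ...,
// an unexpected request key cannot create or overwrite a script variable.
function read_fields(array $request, array $expected): array {
    $out = [];
    foreach ($expected as $field) {
        if (!isset($request[$field]) || !is_string($request[$field])) {
            throw new InvalidArgumentException("missing or non-string field: $field");
        }
        $out[$field] = $request[$field];
    }
    return $out;
}

function insert_user(PDO $db, array $f): void {
    // Numeric input is validated as a number; string escaping does not
    // constrain a value that ends up in the query without quotes.
    $age = filter_var($f['age'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer from 0 to 150');
    }
    // Placeholders keep data out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO users (name, age) VALUES (:name, :age)');
    $stmt->bindValue(':name', $f['name'], PDO::PARAM_STR);
    $stmt->bindValue(':age', $age, PDO::PARAM_INT);
    $stmt->execute();
}

// Constructed sample request: quotes and a backslash in the name,
// plus an extra key the form never defined.
$post = ['name' => "O'Brien \\ \"quoted\"", 'age' => '42', 'is_admin' => '1'];

$db = open_db();
insert_user($db, read_fields($post, ['name', 'age']));
$row = $db->query('SELECT name, age FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['name'] === $post['name']); // stored value compared with the submitted one
```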