So, I’ve heard you like to use
mysql_real_escape_string? Do you want your code to look like this?
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
To be honest it’s a waste of typing effort. I have a solution for you, a function called array_map. It will make your code ridiculously shorter. Imagine having only one line?
$_POST = array_map('mysql_real_escape_string', $_POST);
It makes a lot of difference, seriously.