PHP: mysql_real_escape_string

mysql_real_escape_string()

  foreach($_POST AS $key => $value) { 
    $_POST[$key] = mysql_real_escape_string($value); 
  }
?>