Escape Output
(Chapter 1, Introduction - Pg 13-14)
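<?php
// Escape output per destination. The same validated value ($clean['username'],
// produced by filtering code that is not shown here) needs one encoding for the
// HTML context and a different mechanism for the SQL context, so keep a copy per
// context instead of a single "sanitised" string reused everywhere.

// HTML context. ENT_QUOTES encodes both ' and " so the value is safe inside
// attribute values as well as element text. ENT_SUBSTITUTE makes htmlentities()
// replace invalid UTF-8 sequences with U+FFFD; without it the function returns ''
// on malformed input and the output would silently vanish.
$html = [];
$html['username'] = htmlentities($clean['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<p>Welcome back, {$html['username']}.</p>";

// SQL context. The original listing interpolated mysql_real_escape_string()
// output into the query; the mysql_* extension was removed in PHP 7, and
// escaping is only correct when it matches the connection's character set.
// A prepared statement sends the value separately from the query text, so no
// escaping step is needed and a mismatch between escaping and charset cannot
// reintroduce injection.
// NOTE(review): $pdo is assumed to be the application's PDO connection (not
// shown) — confirm against the caller, and open it with
// PDO::ATTR_EMULATE_PREPARES => false so parameters never enter the SQL string.
// $result is now an array of associative rows rather than a mysql resource.
$stmt = $pdo->prepare('SELECT * FROM profile WHERE username = ?');
$stmt->execute([$clean['username']]);
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
?>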