views: 123
answers: 2
Is it OK to use this code to trim and escape all $_POST values in my register function, or is it better practice to trim and escape each and every input?

// Trim and sanitize our input
$_POST = array_map('trim', $_POST);
$_POST = array_map('mysql_real_escape_string', $_POST);

if ($invalidinput) {
    dostuff();
} else {
    mysql_query("INSERT INTO user (username, passwd)
                 VALUES ('{$_POST['username']}', '{$_POST['passwd']}')");
}
+8  A: 

No, because:

  1. It doesn't work for multi-dimensional arrays.
  2. You might not use every single $_POST value as a DB parameter and thus 3).
  3. It can be unnecessarily slow.
  4. mysql_real_escape_string() might need the $link_identifier argument.

Point #1 can be worked out with a custom recursive function, at the expense of being even slower.

Alix Axel
A: 

No.

You shouldn't be escaping in the first place. You should be using bound parameters.

Andrew Medico
I certainly prefer bound parameters as well, but as long as you're doing something to properly escape your SQL input, there's no harm in not using them.
Bryan M.
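The two answers above make separate points: the first that a flat array_map() misses nested $_POST arrays, the second that bound parameters remove the need to escape at all. The following PHP is an added example that is not code from the question or from either answerer; it covers both points in one place. It assumes a PDO connection (the DSN, user and password are placeholders) and the `user` table with `username` and `passwd` columns from the question. The hashing of the password before storage is an added caveat, not something the question did. Note also that the `mysql_*` functions used in the question were removed in PHP 7, so PDO (or mysqli) prepared statements are the only route on current PHP.

```php
<?php
// Added example, not from the question or the answers. Assumes PDO, a
// placeholder DSN, and a `user` table with columns username and passwd.

// Recursive trim: also reaches values inside nested $_POST arrays, the case
// array_map('trim', $_POST) misses (point 1 of the first answer).
// No escaping is done here on purpose: validation should see the real value,
// and the database layer below never interpolates it into SQL text.
function trim_recursive($value)
{
    if (is_array($value)) {
        return array_map('trim_recursive', $value);
    }
    return is_string($value) ? trim($value) : $value;
}

function register_user(PDO $db, array $input)
{
    $input = trim_recursive($input);

    $username = $input['username'] ?? '';
    $password = $input['passwd'] ?? '';

    // Validate the trimmed values, not escaped ones.
    if ($username === '' || $password === '') {
        return false;
    }

    // Bound parameters: the values are sent separately from the statement,
    // so quotes in the input cannot change the query and no escaping is needed.
    $stmt = $db->prepare(
        'INSERT INTO user (username, passwd) VALUES (:username, :passwd)'
    );
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    // Added caveat: store a password hash, never the plaintext password.
    $stmt->bindValue(':passwd', password_hash($password, PASSWORD_DEFAULT), PDO::PARAM_STR);
    return $stmt->execute();
}

// Placeholder connection details; replace with real ones.
$db = new PDO(
    'mysql:host=DB_HOST_PLACEHOLDER;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASS_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use server-side prepared statements
    ]
);

// Constructed sample input: padding whitespace, a nested array, and an
// apostrophe that the string-interpolation version would have had to escape.
$sample = [
    'username' => "  o'brien ",
    'passwd'   => ' hunter2 ',
    'prefs'    => ['lang' => ' en '],
];
var_dump(register_user($db, $sample));
```

With ATTR_EMULATE_PREPARES set to false the statement and its parameters travel to MySQL separately, which is what makes the escaping step unnecessary; with emulation left on, PDO quotes the values client-side using the connection's charset, which is the same thing mysql_real_escape_string() needed the $link_identifier for.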