ramiraz wrote: Padre, I did the auto-registration too but I keep it to myself (or maybe launch a pro-version). Anyway, what do you recommend for query sanitization? I heard parameterized queries are better than "mysql_real_escape_string" but I don't really know how to do it...
Why is it better? They both prevent SQL injection. To parametrize, you would need to switch from mysql to a PDO object, where you have a prepare:
pdo->prepare(...
pdo->execute
Or keep using mysql and use mysql_real_escape_string. I did not find a difference between the two, and I think it is a matter of choice.
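Added example, not part of the original posts: the prepare/execute pattern mentioned above, run next to string escaping for a value that lands in an unquoted numeric position. Assumptions: an in-memory SQLite database through PDO so it runs offline, a constructed `users` table and input value, and a hypothetical `escape_like_mysql()` helper standing in for `mysql_real_escape_string()`, which needs a live MySQL link.

```php
<?php
// Constructed demo data in an in-memory SQLite database (assumption: pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical stand-in for mysql_real_escape_string(): backslash-escapes the
// same characters (backslash, NUL, \n, \r, single quote, double quote, Ctrl-Z).
function escape_like_mysql(string $s): string
{
    return strtr($s, [
        "\\"   => "\\\\",
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => "\\Z",
    ]);
}

// Constructed request value for a numeric "id" parameter.
$input = '0 OR 1=1';

// Approach 1: escape, then concatenate into an unquoted numeric context.
// The value contains no character the escaper touches, so it is spliced
// into the statement unchanged and parsed as SQL.
$escaped = escape_like_mysql($input);
$sql     = "SELECT name FROM users WHERE id = $escaped";
$concat  = $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);

// Approach 2: prepared statement. The SQL text is fixed at prepare() time and
// the value is bound as data, so it is only ever compared against the id column.
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$stmt->execute([':id' => $input]);
$bound = $stmt->fetchAll(PDO::FETCH_COLUMN);

printf("escaped input equals raw input: %s\n", var_export($escaped === $input, true));
printf("statement sent (concatenated): %s\n", $sql);
printf("rows via concatenation: %d\n", count($concat));
printf("rows via prepared statement: %d\n", count($bound));
```

Escaping only protects values placed inside quoted string literals; for numeric positions, either cast and validate the value or bind it as a parameter.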