Hi Claire,
Thanks for the quick reply.
In this case (like below, sample from the generated Membership profile page) i don't need to escape the values.
Is this general in PHP (no need for escaping values in array) or the built-in functions are ready with escaping?
$colsToValues = array();
$colsToValues['agree_tos'] = $_REQUEST['agree_tos'];
$colsToValues['fullname'] = $_REQUEST['fullname'];
$colsToValues['username'] = coalesce( @$_REQUEST['username'], $_REQUEST['email'] ); // email is saved as username if username code (not this line) is commented out
$colsToValues['email'] = $_REQUEST['email'];
$colsToValues['updatedByUserNum'] = $CURRENT_USER['num'];
$colsToValues['updatedDate='] = 'NOW()';
mysql_update(accountsTable(), $CURRENT_USER['num'], null, $colsToValues);
Thank you in advance,
Karls