выполнить PHP MySQL надежно

mysql_real_escape_string($user); //Use before implementing in MYSQL query
//for data safe handling and avoiding hacking injection in Database
Armandres