// undo magic_quotes so values are not escaped twice
if(get_magic_quotes_gpc()) {
    $_POST = array_map('stripslashes',$_POST);
}
// needs an open mysql_connect() link first; array_map() only walks one level,
// so a nested value such as name="tags[]" is passed as an array and raises a warning
$_POST = array_map('mysql_real_escape_string',$_POST);
From reading the php manual the code above would be a shorthand version of having to name all the variables posted like so mysql_real_escape_string($var1, $var2), since it references $_POST in the array_map. Is that correct? It should cover all POSTED values.
This is essentially the same as what I found in a tutorial prior to finding it here, and the writer included $_GET and $_COOKIE as well. My question is where to place this portion of code because I want it to work right? In the article with the similar code it said
"How to parse out mySQL injection techniques, this can be done with a few lines of code at the top of every page. Usually you would just write these in a file and include it in all your php files."
I wanted to clarify that the shorthand method can be placed at the top (I don't see a problem with it), because other methods in the php manual show the exact function mysql_real_escape_string going right after the SQL query as the documentation states or custom functions being written to "clean" data. It seems like it would be much easier to use the code above, and cover all your posted variables all at once. Thank you for clarification.
// same pattern applied to $_REQUEST (GET + POST + COOKIE); the original assigned the
// result to $_POST, which would overwrite $_POST with escaped $_REQUEST values, so the
// escaped array is written back to $_REQUEST here
if(get_magic_quotes_gpc()) {
    $_REQUEST = array_map('stripslashes',$_REQUEST);
}
$_REQUEST = array_map('mysql_real_escape_string',$_REQUEST);
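The snippets above escape everything once at the top of the page, but mysql_real_escape_string() only protects a value that ends up inside a quoted string literal, and array_map() breaks on nested form fields. The following is an added example, not code from the poster or the tutorial they cite, that shows the blanket approach done correctly and the per-query prepared statement that makes the escaping step unnecessary. It assumes a mysqli connection in $db and a table users(id, name); both are illustrative assumptions. Note that the mysql_* functions were removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0, so the mysqli API is used here.

```php
<?php
// Added example (not the poster's code). Assumes $db is an open mysqli
// connection and that a table users(id INT, name VARCHAR) exists.

// 1. Blanket escaping done correctly. array_map() hands a nested array
//    (e.g. <input name="tags[]">) straight to the escape function, which
//    expects a string, so the walk has to be recursive. Escaping also needs
//    an open connection, so this must run after connecting, not merely
//    "at the top of the page".
function escape_input_recursive(array $input, mysqli $db): array
{
    $out = [];
    foreach ($input as $key => $value) {
        $out[$key] = is_array($value)
            ? escape_input_recursive($value, $db)
            : $db->real_escape_string((string) $value);
    }
    return $out;
}

// 2. What escaping covers and what it does not. It is only safe when the
//    value sits inside quotes; an unquoted numeric column has no quote
//    characters to escape, so extra SQL tokens pass through unchanged.
//    The defence for numeric input is validation or a cast, not escaping.
function build_queries(array $clean): array
{
    $id = filter_var($clean['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    return [
        // safe: escaped value inside single quotes
        'by_name' => "SELECT id FROM users WHERE name = '{$clean['name']}'",
        // safe only because $id was validated as an integer above
        'by_id'   => "SELECT id FROM users WHERE id = {$id}",
    ];
}

// 3. The alternative that removes the question of "where to put the
//    escaping": a prepared statement. The value is sent separately from
//    the SQL text, so it can never change the query's structure, and it
//    works for quoted and unquoted columns alike.
function find_user_id(mysqli $db, string $name): ?int
{
    $stmt = $db->prepare('SELECT id FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);   // value never touches the SQL string
    $stmt->execute();
    $stmt->bind_result($id);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? (int) $id : null;
}

// Usage (assumes a real connection; constructed input stands in for $_POST):
// $db    = new mysqli('localhost', 'user', 'pass', 'app');
// $post  = ['name' => "O'Brien", 'id' => '42', 'tags' => ['a', "b'c"]];
// $clean = escape_input_recursive($post, $db);      // nested 'tags' handled
// $sql   = build_queries($clean);                   // two query strings
// $uid   = find_user_id($db, $post['name']);        // no escaping needed
```

The practical answer to the question of placement is that the escaping has to happen after the database connection is opened, and it only helps for values that are quoted in the query. Binding parameters per query, as in find_user_id(), avoids both constraints and is the approach to prefer.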