MySQL secure query
by RameshKumar[ Edit ] 2008-09-01 12:37:04
Avoid SQL injection by using the second of the following queries; the first shows the vulnerable form.
// Vulnerable form: $mysql is interpolated directly into the SQL text. If it
// holds user-supplied input (not shown here -- confirm at the call site), a
// quote character inside it ends the string literal early and the remainder
// is interpreted by the server as SQL rather than as data.
$query = "SELECT * FROM hioxscraps WHERE title='$mysql'";
// The result of mysql_query() is discarded in this snippet.
mysql_query($query);
// Safer form: the value is escaped before it is placed inside the quoted
// literal, so quote characters in $mysql stay part of the data.
// Caveats a reviewer should keep in mind:
//  - mysql_real_escape_string() escapes relative to the connection's
//    character set. Set that with mysql_set_charset(), not with a
//    "SET NAMES" query, or the escaping may not match what the server parses.
//  - Escaping only protects a value that sits inside quotes, as '%s' does
//    here. It does not protect unquoted numbers, column/table names, or
//    LIKE wildcards (% and _).
//  - The mysql_* extension was deprecated in PHP 5.5 and removed in PHP 7.0.
//    On current PHP, use prepared statements with bound parameters (mysqli or
//    PDO) so the value is never concatenated into the SQL text at all.
$query = sprintf("SELECT * FROM hioxscraps WHERE title='%s'",
mysql_real_escape_string($mysql));
// As above, the return value (result resource or false on error) is ignored.
mysql_query($query);