Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
$findIn = implode("', '", $arrayItems);
$query = "SELECT * FROM `table` WHERE `ID` IN ('".$findIn."');";
I can't just do this, though, because the array of items came from user input. Specifically, from a text box exploded into the array. I can't addslashes before putting items into the array because I do all sorts of comparisons and whatnot on the array before it gets to this point. I don't want to loop through it because it could be big and I am trying to be optimal. I obviously can't addslashes after the implosion because I'm putting those quotes in there, which I need because it is an alphanumeric field and could have spaces.
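An added example, not part of the original post: the same `IN (...)` lookup built with one bound placeholder per array item through PDO, so the user-supplied values are never concatenated into the SQL text and need no escaping. The `items` table, the `findByIds` helper and the in-memory SQLite database are assumptions made so the sketch runs on its own.

```php
<?php
declare(strict_types=1);

/**
 * Run "SELECT ... WHERE ID IN (?, ?, ...)" for a user-supplied list.
 * findByIds() is a hypothetical helper name, not code from the post.
 */
function findByIds(PDO $pdo, array $items): array
{
    // Keep scalar values only, cast to string, drop duplicates, reindex.
    $items = array_values(array_unique(
        array_map('strval', array_filter($items, 'is_scalar'))
    ));

    // An empty list would yield "IN ()", which is a SQL syntax error.
    if ($items === []) {
        return [];
    }

    // Only "?" and ", " are concatenated into the statement text;
    // the values travel separately as bound parameters.
    $placeholders = implode(', ', array_fill(0, count($items), '?'));
    $stmt = $pdo->prepare("SELECT * FROM items WHERE ID IN ($placeholders)");
    $stmt->execute($items);

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data (assumes the pdo_sqlite extension is loaded).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE items (ID TEXT PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO items VALUES ('A 1', 'first'), ('B2', 'second'), ('C3', 'third')");

// Constructed text-box input: two real IDs (one with a space) plus a value
// full of quote characters, which is bound as an ordinary string.
$input = "A 1,B2,x') OR ('1'='1";

foreach (findByIds($pdo, explode(',', $input)) as $row) {
    echo $row['ID'], ' => ', $row['name'], PHP_EOL;
}
```

With the MySQL driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server, rather than PDO, handle the parameter binding.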