$_ = array();
foreach($_POST as $key=>$val){
$_[$key]=mysql_escape_string(htmlentities($val));
}
foreach($_GET as $key=>$val){
$_[$key]=mysql_escape_string(htmlentities($val));
}

utilisation:
echo $_['MaVariablePostOuGet'];