[rachelbythebay]

    $query = "SELECT " + $_POST["foo"] + "...";
    db_run_whatever($query);

What you call that depends on what you know about the situation and the bigger picture.

It doesn't change what it is, or what it implies.