Still say a SELECT followed by either INSERT, UPDATE, or nothing would be better.
If you did that all in a Stored Procedure, it would still only involve one call from PHP.
And why did you reject my idea about adding the mysql_real_escape_string??
An optimist sees the glass as half full.
A pessimist sees the glass as half empty.
A realist drinks it no matter how much there is.