-
PHP clean() Function
Well, I have one, but all it seems to do is unset the variable.
Code:
PHP Code:
function clean($var){
$var = mysql_real_escape_string($var);
$var = stripslashes($var);
$var = htmlentities($var);
return $var;
}
I already have searched for one, but there aren't any.
I know someone on here had one before, anyone know where it is?
-
i always just use
PHP Code:
function clean($str)
{
$str = strip_tags(addslashes(stripslashes(htmlspecialchars($str))));
return $str;
}
-
PHP Code:
function clean($var){
$var = mysql_real_escape_string($var);
$var = stripslashes($var);
$var = htmlentities($var);
return $var;
}
What i don't get it why you've used mysql_real_escape_string which adds a \ before each " or ' then you've used stripslashes that's just gonna undo that?
try..
PHP Code:
function clean($str)
{
$str = mysql_real_escape_string($str);
$str = htmlspecialchars($str);
$str = strip_tags($str);
return($str);
}
That should work..
-
-
Quote:
Originally Posted by
MrCraig
i always just use
PHP Code:
function clean($str)
{
$str = strip_tags(addslashes(stripslashes(htmlspecialchars($str))));
return $str;
}
Why do you add slashes then remove them!??!!?! Bit pointless.
-
addslashes - Should be used when inserting data into MySQL as it prevents ' characters.
stripslashes - Should be used on output. Stripslashes removes the effects of addslashes when outputting onto a page
htmlentities - Should be used on page output to deactivate HTML therefore if you want to use the html on some pages it is avaliable.