For a MySQL DB it should be OK.
I generally use:
//for storage to database
function prepIn($input) {
    $input = trim($input);
    // get_magic_quotes_gpc() was removed in PHP 8; guard the call so the
    // function still runs there (magic quotes are then simply treated as off)
    if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
        return addslashes($input);
    }
    return $input;
}

//for o/p to html page, textbox or textarea
function prepOut($output) {
    $output = stripslashes($output);   // undo the slashes added on input
    return htmlspecialchars($output);  // encode <, >, & and double quotes
}

//for multi-line o/p to html page
function prepOutNl($output) {
    $output = stripslashes($output);
    $output = htmlspecialchars($output);  // encode before adding <br /> tags
    return nl2br($output);
}
though of course prepIn() assumes that the data comes from get, post or cookie arrays.
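The same three jobs (store, output, multi-line output) done with a bound-parameter query instead of input escaping, as an added example that is not the poster's code. It uses an in-memory SQLite database through PDO so it runs offline; the table name, column names and sample input are constructed for the example, and the MySQL DSN in the comment is an assumption about the reader's setup.

```php
<?php
// Added example, not the original post's code. Values are never escaped for
// the database: they travel as bound parameters, so the stored text is exactly
// what the user typed and no stripslashes() step is needed on the way out.
// SQLite in memory keeps the example self-contained; for MySQL the DSN would
// look like "mysql:host=db;dbname=app;charset=utf8mb4" (assumed setup).

declare(strict_types=1);

// Store: trim only; the driver handles quoting of the bound values.
function storeComment(PDO $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => trim($author), ':body' => trim($body)]);
    return (int) $db->lastInsertId();
}

function loadComment(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Output for an HTML element body or attribute value. ENT_QUOTES also encodes
// single quotes, which matters inside value='...' attributes; the explicit
// charset keeps multi-byte input from being mangled.
function prepOut(string $output): string
{
    return htmlspecialchars($output, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Multi-line variant: encode first, then convert newlines, so the <br /> tags
// inserted by nl2br are the only markup that survives.
function prepOutNl(string $output): string
{
    return nl2br(prepOut($output));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample input containing a quote, a tag and a newline.
$id  = storeComment($db, "O'Reilly", "line one <b>bold?</b>\nline two");
$row = loadComment($db, $id);

// Round trip check: the quote is stored as-is, with no backslash added.
if ($row === null || $row['author'] !== "O'Reilly") {
    throw new RuntimeException('stored value was altered on the way in');
}

echo prepOut($row['author']), "\n";
echo prepOutNl($row['body']), "\n";
```

The input side needs no knowledge of where the data came from (GET, POST, cookie or anything else), which removes the assumption the post mentions; the output side is still context-specific, so keep a separate encoder for each place the value is rendered.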