I have my own methods for handling form inputs in a few systems, but I wonder if there are more efficient ways to deal with it - I've done some looking around but haven't come up with much. All in all, my approach is probably pretty common and very much custom every time. The standard way I deal with inputs:
1 - stripslashes based upon PHP setup for magic_quotes via array_map
2 - for each individual $_POST I'll regex and/or process the input thus $cleaning it (error messages created to send a user back to the form as needed)
3 - addslashes via mysql_real_escape_string() based upon PHP setup
4 - build queries and execute (I sure wish I could build these dynamically but I don't see how it's really feasible)
Steps 2-4 are mostly custom even though I have a collection of tools to deal with things. Is there something else I should consider here - different approaches? Is/are there any other tools (classes I guess) that could process these dynamically?
