Well, the title says it all.
I read around a bit and gathered a nice function which should kill the above two problems.
I'm not sure it works though; what's your take on it?
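/**
 * Run fullbrush() over a single value or over every element of an array.
 *
 * Nested arrays are walked recursively so fullbrush() only ever receives a
 * non-array value. Array keys are returned unchanged and are NOT cleaned, so
 * they must not be placed into a query or a page without separate handling.
 *
 * @param mixed $input A value or an (optionally nested) array of values.
 * @return mixed The cleaned value, or the array with every leaf cleaned.
 */
function fullclean($input)
{
    if (!is_array($input)) {
        return fullbrush($input);
    }

    foreach ($input as $key => $value) {
        // Request data can nest (e.g. form fields named "tags[]"); recursing
        // here avoids handing an array to strip_tags() inside fullbrush().
        $input[$key] = fullclean($value);
    }

    return $input;
}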
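/**
 * Strip tags from a value, HTML-encode it, and return it as a SQL literal.
 *
 * NOTE(review): this combines two unrelated defences in one pass. The return
 * value comes from quote_smart(), so non-numeric input comes back wrapped in
 * single quotes with SQL escaping applied. That makes it usable only for
 * concatenation into a mysql_* query string; it is not safe or sensible to
 * echo into a page. It also means the database ends up holding entity-encoded
 * text. The usual split is: bind parameters (or SQL-escape) when writing to
 * the database, and call htmlspecialchars() when writing to HTML.
 *
 * @param mixed $input A single non-array value.
 * @return mixed Whatever quote_smart() returns for the cleaned text.
 */
function fullbrush($input)
{
    // Drops HTML/PHP tags. This alone is not an XSS defence; the encoding
    // step below is what neutralises the remaining special characters.
    $output = strip_tags($input);

    // Encodes &, <, > and, because of ENT_QUOTES, both " and '. The result
    // has to be assigned back to $output or the encoding is silently lost.
    $output = htmlspecialchars($output, ENT_QUOTES);

    // No separate quote-to-entity translation is needed: after ENT_QUOTES
    // there are no raw quote characters left in $output.

    return quote_smart($output);
}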
/**
 * Prepare a value for concatenation into a mysql_* query string.
 *
 * Numbers and numeric strings are returned without quotes; everything else is
 * passed through mysql_real_escape_string() and wrapped in single quotes.
 *
 * NOTE(review):
 *  - is_numeric() accepts more than plain decimal digits (exponent notation,
 *    and hexadecimal strings on PHP 5). Such values reach the query unquoted,
 *    where MySQL may interpret them differently from PHP. For numeric columns
 *    an explicit (int)/(float) cast is the stricter check.
 *  - mysql_real_escape_string() needs an open connection and escapes for that
 *    connection's character set, so the charset should be set with
 *    mysql_set_charset() rather than a "SET NAMES" query.
 *  - The mysql_* extension was removed in PHP 7.0 and get_magic_quotes_gpc()
 *    in PHP 8.0. Prepared statements with bound parameters (PDO or mysqli)
 *    replace this function entirely.
 *
 * @param mixed $value Value to prepare.
 * @return mixed The value unchanged if numeric, otherwise a quoted, escaped string.
 */
function quote_smart($value)
{
    // With magic_quotes_gpc on, request data already carries backslashes;
    // remove them first so the value is not escaped twice.
    $raw = get_magic_quotes_gpc() ? stripslashes($value) : $value;

    // Numbers and numeric strings are handed back unquoted.
    if (is_numeric($raw)) {
        return $raw;
    }

    return "'" . mysql_real_escape_string($raw) . "'";
}