Are strip_tags() and addslashes() enough to prevent 'cross site scripting' and 'SQL injection'? Thanks in advance.

    Most definitely not.

    For example, addslashes() should never be used to protect against SQL injections.

      fernandodonster wrote:

      Are strip_tags() and addslashes() enough to prevent 'cross site scripting' and 'SQL injection'?

      Yes, unless you make exceptions by allowing tags (but then strip_tags can be very destructive compared to htmlspecialchars or htmlentities); no, you should use an appropriate escaping mechanism, e.g., prepared statements, casting to the numeric type, or the string escaping function provided by the database interface.

        fernandodonster wrote:

        Could you tell me the important PHP commands for that?

        For what exactly? If you are talking about preventing SQL injection then you should also state what database interface you use.
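The following is an added example written to illustrate the reply above that recommends prepared statements, numeric casting and htmlspecialchars(); it is not code posted by anyone in this thread. It assumes PHP 8 with the pdo_sqlite extension so it runs offline against an in-memory database; the users table, its rows and the attacker inputs are constructed for the demonstration.

```php
<?php
// Added example, not from the thread. Assumes PHP 8 with the pdo_sqlite
// extension; the table, rows and attacker inputs below are constructed.
declare(strict_types=1);

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
    $db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");
    return $db;
}

// Vulnerable: the value is spliced into the SQL text, so a quote inside it
// ends the string literal and whatever follows is parsed as SQL.
function findByNameUnsafe(PDO $db, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: a prepared statement sends the value separately from the
// query text, so the database can only ever treat it as data.
function findByName(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Numeric input: cast to the expected type, then bind it as an integer.
function findById(PDO $db, string $rawId): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->bindValue(1, (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Output encoding for HTML text nodes and quoted attribute values.
function encodeForHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$db = openDemoDb();
$payload = "x' OR '1'='1";

// The injected OR makes the WHERE clause true for every row.
var_dump(findByNameUnsafe($db, $payload));
// The same string is compared literally against the name column.
var_dump(findByName($db, $payload));
// The cast keeps only the leading number; the trailing SQL is discarded.
var_dump(findById($db, '1 OR 1=1'));

// XSS side. strip_tags() with an allow-list filters by tag name only and,
// as the PHP manual documents, leaves attributes untouched, so a
// javascript: href and an onmouseover handler both survive.
$comment = '<a href="javascript:alert(1)" onmouseover="alert(2)">click</a>';
var_dump(strip_tags($comment, '<a>'));

// strip_tags() is also destructive on plain text: everything from the
// "<" up to the next ">" is treated as a tag and thrown away.
var_dump(strip_tags('price<100 and qty>5'));

// htmlspecialchars() keeps both inputs intact and renders them inert.
var_dump(encodeForHtml($comment));
var_dump(encodeForHtml('price<100 and qty>5'));
```

Run it with `php example.php`. The escaping function the thread mentions (mysqli_real_escape_string() for mysqli, PDO::quote() for PDO) is tied to the open connection and its character set, which is one reason the connection-agnostic addslashes() is the wrong tool; binding parameters as shown avoids the question entirely.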
