Sanitizing Input

Anon

Anyone have a code snippet to sanitize user input. I know perl is vulnerable to a certain point by using the NUL character in inputs and I was wondering if PHP is also, and whether someone has a code snippet to do this. Sorry just feeling to lazy to think of one myself. I had one for my perl scripts but don't feel like rehashing the idea in PHP...
On a similar note, are there any practices in particular anyone would recommend for safe programming? For example, functions to stay away from.
TIA

Anon

I use a couple of methods, hope these help!:

First, I trim off any trailing spaces, extra characters, etc, and verify the field is filled out with something like:

if (!(trim($form_name)=="" || (trim($form_address)=="")

{
echo your error statement here, etc.
}

To strip of dangerous input, I use something like:

$yourupdate = mysql_db_query($DB, "UPDATE address_record SET address ='".addslashes($address)."',city = '".addslashes($city)."')

...you get the idea...hope that helps!

Anon

Hey Chris,
Thanks for the tips. I use addslashes regularly, I learned about that function the hard way, passing encrypted data to mysql and having trouble getting it back out again. that was fun. will addslashes help sanitizing things like the email function?
thanks for the blank form field detection, I suppose I'd have to pass back all the values in the form to keep it filled in though huh? Any cool tricks to do that, other than a lot of hidden form fields?