PHP - HOW TO PROPERLY Complete Clean/Santize User Input ini PHP

PHP The PROPER Way to 100% Completely Clean and Sanitize User Input which will Strip All Potentially Dangerous, Security Risk Characters from Code

Here is a simple function that 100% santizes user input which removes all security risks as well as making the user input ready for use with mysql.

This function may be overkill as the first line of code $data = filter_var($data, FILTER_SANITIZE_STRING) does the trick but when it comes to user input, overkill is good and underkill is something you will forever regret!

function clean_dangerous($data, $len_limit = 0){ // PREVENT BUFFER OVERFLOW ISSUES BY ENFORCING // STRINGS LENGTH CAN ONLY BE X CHARACTERS LONG if($len_limit){ $data = substr($data, 0, $len_limit) } // REMOVE ANY HTML TAGS AND CONTENT [<script>, <a href] $data = filter_var($data, FILTER_SANITIZE_STRING); $data = stripslashes($data); // REMOVE SLASHES [/] $data = strip_tags($data); // FURTHER REMOVE ANY REMAINING HTML TAGS // CONVERT CERTAIN CHARACTERS TO HARMLESS HTML ENTITIES [< becomes >] $data = htmlentities($data, ENT_QUOTES, 'UTF-8'); return $data; }