Basic Data Securing

Secures all data available in $_POST and $_GET against XSS and SQL injection.
Of course, to run the clean() function the script must be connected to a database, in order for the mysql_real_escape_string() function to work.
Putting this snippet at the top of the page will do the job,
so we don't have to add the clean function to every single variable ourselves.

// cleaning function
// of course, the script must be connected to a database
// (uses the old mysql extension, which was removed in PHP 7.0)
function clean($data){
   return mysql_real_escape_string( htmlentities( $data ) );
}

// start filtering $_POST, $_GET and secure any data within
// (the cleaned copies end up in $data; $_POST and $_GET themselves are unchanged)
$data = array_merge($_POST, $_GET);
foreach( $data AS $key => $val ) {
   $data[ $key ] = clean( $val );
}
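
A per-context alternative to one blanket clean() call, built on the filter_var_array() function mentioned in the comments. This is an added example, not the snippet author's code; the field names, the users table and the sample requests are constructed, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example. Each step handles one context: input type, SQL, HTML output.

// 1. Validate each field against the type it is supposed to have.
function validate_request(array $input) {
    $rules = array(
        'id'   => array('filter'  => FILTER_VALIDATE_INT,
                        'options' => array('min_range' => 1)),
        'name' => array('filter'  => FILTER_UNSAFE_RAW,
                        'flags'   => FILTER_FLAG_STRIP_LOW),
    );
    $fields = filter_var_array($input, $rules);
    // filter_var_array() yields false for an invalid value, null for a missing key.
    foreach ($fields as $value) {
        if ($value === false || $value === null) {
            return null;
        }
    }
    return $fields;
}

// 2. SQL context: bound parameters, so values never become part of the SQL text.
function save_user(PDO $db, array $fields) {
    $stmt = $db->prepare('INSERT INTO users (id, name) VALUES (:id, :name)');
    $stmt->execute(array(':id' => $fields['id'], ':name' => $fields['name']));
}

// 3. HTML context: encode when writing the page, not when reading the request.
function render_name($name) {
    return htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');   // hypothetical in-memory database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed stand-ins for array_merge($_POST, $_GET).
$requests = array(
    array('id' => '7 OR 1=1', 'name' => 'Ann'),          // id is not an integer
    array('id' => '7',        'name' => "<b>O'Neil</b>"),
);
foreach ($requests as $request) {
    $fields = validate_request($request);
    if ($fields === null) { echo "rejected\n"; continue; }
    save_user($db, $fields);                              // stored unmodified
    $stored = $db->query('SELECT name FROM users')->fetchColumn();
    echo render_name($stored), "\n";                      // encoded only on output
}
```

The name is stored exactly as submitted and only encoded when it is written into HTML, so the same row can later be used in a non-HTML context without double encoding.
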
  • Hi,

    If you are using PHP5 (>= 5.2.0) you can make use of Filter functions, especially this one: filter_var_array, which gets multiple variables and optionally filters them.

    For more information, you can see the PHP reference guide:


  • Jonathan

    Some servers (with magic_quotes enabled) automatically addslashes the GET/POSTs so I advise using the following if you’re having that problem (otherwise you’d get double backslashes):

    $val )
    $data[ $key ] = clean( $val );

  • Is this working? I tried it on my development server and nothing happened. The SQL injections still get through.