The ultimate clean/secure function

忘掉有多难 2020-11-22 03:11

I have a lot of user inputs from $_GET and $_POST... At the moment I always write mysql_real_escape_string($_GET['var'])..

I

7 Answers
  •  后悔当初
    2020-11-22 03:47

    You're looking for filter_input_array(). However, I suggest only using that for business-style validation/sanitisation and not SQL input filtering.

    For protection against SQL injection, use parametrised queries with mysqli or PDO.
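The split suggested in the answer above, as an added example that is not part of the original answer: filters handle business validation, and a PDO prepared statement handles the SQL side. It assumes the `pdo_sqlite` extension, a hypothetical `users` table, and a constructed `$input` array standing in for `$_GET`; `filter_var_array()` is used because it applies the same filter spec as `filter_input_array()` to an ordinary array.

```php
<?php
// Constructed sample input standing in for $_GET.
$input = [
    'id'    => '42',
    'email' => 'alice@example.com',
    'name'  => "x' OR '1'='1",   // hostile-looking value, kept to show it is stored as plain data
];

// Business validation: type and format checks only, no SQL escaping here.
$spec = [
    'id'    => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
    'email' => FILTER_VALIDATE_EMAIL,
    'name'  => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_LOW],
];
$clean = filter_var_array($input, $spec);

// filter_var_array() yields false for a value that fails validation
// and null for a key that is missing from the input.
foreach (['id', 'email', 'name'] as $key) {
    if ($clean[$key] === false || $clean[$key] === null) {
        http_response_code(400);
        exit("Invalid or missing field: $key\n");
    }
}

// SQL side: parametrised queries. In-memory SQLite keeps the example offline;
// for MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT)');

// Values travel separately from the SQL text, so quotes in them
// cannot change the structure of the statement.
$insert = $pdo->prepare(
    'INSERT INTO users (id, email, name) VALUES (:id, :email, :name)'
);
$insert->execute([
    ':id'    => $clean['id'],
    ':email' => $clean['email'],
    ':name'  => $clean['name'],
]);

// The same applies to lookups: the bound string is compared as a value.
$find = $pdo->prepare('SELECT id, email, name FROM users WHERE name = :name');
$find->execute([':name' => $clean['name']]);
var_dump($find->fetchAll(PDO::FETCH_ASSOC));
```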
