Is it okay to employ a function that sanitizes the incoming inputs due to a form submission or any other request? It is time saving but the question of effectiveness and efficien
Yes, you can create a simple function to sanitize a value before using it. I use a function like this:
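function sanitize($value)
{
    // addslashes() backslash-escapes quotes; htmlentities() then converts
    // applicable characters to HTML entities.
    return htmlentities(addslashes($value));
}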
Which escapes ' and " and converts all applicable characters to HTML entities. Mine is more complicated, with other options, but you can begin from it.
Each function serves its own purpose; you shouldn't use any function for anything other than its intended use.
That's about it.
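
The point about intended use, as an added example that is not code from either answer (only sanitize() is copied from the thread): it stores one constructed input twice, once passed through sanitize() and once raw through a bound parameter, then escapes both for HTML at output time. The helper names html_out() and store_name(), the users table, and the availability of the pdo_sqlite extension are assumptions made for the illustration.

```php
<?php
// sanitize() exactly as posted in the thread above.
function sanitize($value)
{
    return htmlentities(addslashes($value));
}

// HTML context (hypothetical helper): escape at output time, for HTML only.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// SQL context (hypothetical helper): the value travels as a bound parameter,
// so it is never parsed as SQL and needs no string escaping at all.
function store_name(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

// Constructed sample input, as it might arrive from a form field.
$input = "O'Reilly <b>& Sons</b>";

// In-memory SQLite database so the example runs offline (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT)');

store_name($db, sanitize($input)); // row 1: "sanitized" once on input
store_name($db, $input);           // row 2: raw value, bound parameter

foreach ($db->query('SELECT rowid, name FROM users ORDER BY rowid') as $row) {
    echo "row {$row['rowid']} stored:   ", $row['name'], PHP_EOL;
    echo "row {$row['rowid']} rendered: ", html_out($row['name']), PHP_EOL;
}
```

Row 1 ends up with a stray backslash and HTML entities stored in the database, and those entities are encoded a second time when rendered; row 2 keeps the original value intact and is escaped exactly once, in the context where it is used.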