function clean($str)
{
$cleaned = strip_tags(htmlspecialchars(addslashes(stripslashe s(htmlentities(mysql_real_escape_string(fix_magic_ quotes( $str )))))));

return $cleaned;
}a quick clean() function to stop $_Post and $_Get attacks :D

Edit: Now removed fix_magic_quotes as its not needed that im aware of.

function clean($str)
{
$cleaned = strip_tags(htmlspecialchars(addslashes(stripslashe s(htmlentities(mysql_real_escape_string( $str ))))));

return $cleaned;
}

any more security needed tbh?

Why addslashes then stripslashes? Remove the stripslashes if it is to clean input. Remove addslashes if it is to clean output.