PHP clean() Function



lolwut
20-01-2008, 04:28 PM
Well, I have one, but all it seems to do is unset the variable.
Code:

function clean($var){
    $var = mysql_real_escape_string($var);
    $var = stripslashes($var);
    $var = htmlentities($var);
    return $var;
}
I already have searched for one, but there aren't any.
I know someone on here had one before, anyone know where it is?

MrCraig
20-01-2008, 04:41 PM
I always just use

function clean($str)
{
    $str = strip_tags(addslashes(stripslashes(htmlspecialchars($str))));
    return $str;
}

Jme
20-01-2008, 05:04 PM
function clean($var){
    $var = mysql_real_escape_string($var);
    $var = stripslashes($var);
    $var = htmlentities($var);
    return $var;
}
What I don't get is why you've used mysql_real_escape_string, which adds a \ before each " or ', then you've used stripslashes; that's just gonna undo that?
Try..

function clean($str)
{
    $str = mysql_real_escape_string($str);
    $str = htmlspecialchars($str);
    $str = strip_tags($str);
    return($str);
}
That should work..

MrCraig
20-01-2008, 08:02 PM
In case of magic quotes?

Florx
20-01-2008, 09:30 PM
I always just use

function clean($str)
{
    $str = strip_tags(addslashes(stripslashes(htmlspecialchars($str))));
    return $str;
}

Why do you add slashes then remove them!??!!?! Bit pointless.

Baving
20-01-2008, 11:15 PM
addslashes - Should be used when inserting data into MySQL as it prevents ' characters.
stripslashes - Should be used on output. Stripslashes removes the effects of addslashes when outputting onto a page.
htmlentities - Should be used on page output to deactivate HTML, therefore if you want to use the HTML on some pages it is available.
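
Added example, not code from any poster in this thread: it shows that escaping followed by stripslashes() hands back the original quotes, as Jme points out, and then handles each context separately (database on input, HTML on output). Assumptions: PDO prepared statements and an in-memory SQLite database stand in for the mysql_* calls in the thread, addslashes() stands in for mysql_real_escape_string(), and the names save_comment, render_comment and the comments table are hypothetical.

```php
<?php
// Added example; requires the pdo_sqlite extension. All function and table
// names below are hypothetical and chosen for illustration.

// Escaping and then calling stripslashes() cancels out: the quotes come back
// unescaped. addslashes() is a stand-in for mysql_real_escape_string(), which
// needs a live MySQL connection.
function escape_then_strip(string $in): string
{
    return stripslashes(addslashes($in));
}

// Database context: bind the value as a parameter so it is never parsed as SQL.
function save_comment(PDO $db, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $db->lastInsertId();
}

// HTML context: encode at output time, so the stored value stays raw and can
// be encoded differently for other outputs.
function render_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = (string) $stmt->fetchColumn();
    return htmlspecialchars($body, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample input containing both quote characters and markup.
$input = "O'Reilly said \"hi\" <b>bold</b>";

// Compares the round-tripped string with the original input.
var_dump(escape_then_strip($input) === $input);

// Stores the raw value, then prints it encoded for an HTML page.
$id = save_comment($db, $input);
echo render_comment($db, $id), PHP_EOL;
```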
