When designing web applications, it’s important to sanitize data before storing them into the database. I use several PHP built-in functions namely trim, strip_tags, htmlspecialchars, and addslashes to sanitize my forms. This function has become a staple for all my web projects. So, here it is.

<pre lang="html">
function sanitize($in) {
  return addslashes(htmlspecialchars(strip_tags(trim($in))));
}

Whenever I need to sanitize a form input, I simply use the sanitize function before storing the data to the database.

<pre lang="html">
$_POST['firstname'] = sanitize($_POST['firstname']);