Being safe with user's input

All-in-all, what steps should be taken to insure a safe input.
There are many precautions, can anybody fill me in on the rest.

• Trim white spaces
• Check for invalid characters
• Make string to lowercase (in some cases)

Is there anything that I missed?

hiya

strip slashes
strip tags
and there is no way you can be 100% safe :P

Can somebody please make a function that does it all.

Hi.

I usually just run the input through the htmlspecialchars function. It converts all HTML tags into characters that the browser will display as text rather than parse into something nasty. Does nicely unless I am looking for something more specific, like SQL injection or something like that.

This, as well as everything else, is never 100% safe, but it will neutralize most attempts to harm blogs and forums. People that do that kind of stuff are usually idiots trying to impress other idiots by showing of their non-existing hacking skills. I won't loose much sleep worrying about that.

If you were to specify what kind of input you are talking about we might have some more specific answers.

call it like:

Expand|Select|Wrap|Line Numbers

1. function secureData($string, $lowercase = false)
2. {
3. $string = trim($string);
4. $sting = htmlspecialchars($string);
5.  
6. if ($lowercase)
7. $string = strtolower($string);
8.  
9. $string = stripslashes($string);
10.  
11. return $string;
12. }

call it like:

Expand|Select|Wrap|Line Numbers

1. $sting = secureData($string, false);

If only I could spell

call it like:

I wanted to retrieve a simple alphanumeric string through URL.
This is what I made, (and again, every case is different, and you'll never be %100 safe):
[PHP]
function clean($str){
$str=strtolower($str);
$str=trim($str);
$str=htmlspecialchars($str);
$str=preg_replace('/[^A-Za-z0-9 ]/', '', $str);
$str=stripslashes($str);
return $str;}[/PHP]
Calling it:
[PHP]$id = clean($_REQUEST['id']);[/PHP]
What's your opinion? Fine?