<?php

class Database {

public function protect($data){
		
		$data = trim($data);
		$data = stripslashes($data);
		$data = strip_tags($data);
		$data = mysql_real_escape_string($data);
		return $data;
	}

}

$database = new Database();
$txt = '<strong>\\\Test///</strong>';
$txt = $database->protect($txt);
echo $txt;

And output have a <strong> tag, slashes and all with zero errors.
I try and different way to structure the function:

public function protect($data){
		
		trim($data);
		stripslashes($data);
		strip_tags($data);
		mysql_real_escape_string($data);
		return $data;
	}

But the output is the same :(
Where is my wrong?
If anyone know more good way to secure the mysql let share. Thanks for all ideas

Member Avatar

diafol

If anyone know more good way to secure the mysql let share. Thanks for all ideas

Use PDO.

As a quick debug:

public function protect($data){
		$data = trim($data);
                echo "TRIM: $data<br />";
		$data = stripslashes($data);
                echo "SSLASH: $data<br />";
		$data = strip_tags($data);
		echo "STAGS: $data<br />";
                $data = mysql_real_escape_string($data);
		echo "MRES: $data<br />";
                return $data; 
}
commented: Good and clean +1