There are many ways of doing this. I've always said it's easier to attack than to protect yourself, so there's always going to be an open door if you ask me. Anyway, I'm writing this code to encourage webmasters to protect their valuable work by using this PHP function.
One of the best methods is to protect any information that is used in an SQL statement. The following function will strip out any harmful information from a given string before it is used in a statement or anywhere else.
The best (and easiest) way to do this is to make sure you strip out any and all special HTML characters, particularly the "<" and ">" characters.
function clean_content($content) {
    // Trim surrounding whitespace and drop the backslashes that magic_quotes_gpc adds
    $content = stripslashes(trim($content));
    // Encode every special HTML character, quotes included (ENT_QUOTES), so
    // "<", ">", '"' and "'" all become entities
    $content = htmlentities($content, ENT_QUOTES);
    // Turn newlines into <br /> only after encoding; doing it first would
    // encode the <br /> tags as well and the line breaks would be lost
    $content = nl2br($content);
    return $content;
}
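To see what the function really neutralizes, and to keep the SQL statement itself out of reach of the input, here is an added example (my own code, not from the post above) that stores the raw text through a PDO bound parameter and applies clean_content() only when the text is rendered. It assumes the pdo_sqlite extension is available; the comments table and the sample inputs are constructed for the demo.

```php
<?php
// Added example (not from the original post): keep clean_content() for HTML
// output, and carry the raw value into SQL with a bound parameter.
// Assumes the pdo_sqlite extension (in-memory database, no files written).

function clean_content(string $content): string {
    // Trim whitespace and undo magic-quotes style backslashes.
    $content = stripslashes(trim($content));
    // Encode every HTML-significant character, quotes included
    // (ENT_QUOTES covers both ' and "), so the value is inert in a page.
    $content = htmlentities($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Convert newlines to <br /> after encoding so the tags survive.
    return nl2br($content);
}

// Constructed sample inputs: a plain value, one with HTML, one with quotes.
$samples = [
    "plain comment",
    "<script>alert(1)</script>\nsecond line",
    "O'Brien's \"quoted\" entry",
];

// In-memory SQLite table standing in for the webmaster's real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// The value never becomes part of the SQL text: the driver binds it as data,
// so quotes and angle brackets in it cannot alter the statement.
$insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
foreach ($samples as $raw) {
    $insert->execute([':body' => $raw]);
}

// Read back and encode only at output time, where the HTML context exists.
foreach ($db->query('SELECT body FROM comments ORDER BY id') as $row) {
    printf("stored : %s\n", str_replace("\n", '\n', $row['body']));
    printf("display: %s\n\n", clean_content($row['body']));
}
```

The stored rows keep the original characters, while every display line shows "<", ">" and both quote types as entities, with only the nl2br line break left as a tag.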