I am writing a code which will process the user text input in a registration form. I have implemented the following function which make sure that the input data is safe:
function input_check($Indata, $dbc) { // input_check($Indata, $dbc)
$Indata = trim($Indata); // remove white spaces
$Indata = stripslashes($Indata); // remove back slashes
$Indata = strip_tags($Indata); // remove html tags
$Indata = htmlspecialchars($Indata); // convert html entities
$Indata = mysql_real_escape_string($Indata,$dbc);
return $Indata;
}
Is there any other processing that I have to do in order to ensure that the input is safe?
I meant safe from malicious input data