user input
Date: 11/02/05
(PHP Community) Keywords: mysql, database, sql, security, spam
For the last few days someone has been testing my various forms to see if they can send 'extra' email headers. Stupid spammers...
This got me thinking about ways of 'cleaning up' user input, and I was wondering how other people go about it. I know input validation depends on what exactly the input is (i.e. a guestbook comment would be treated differently to a query string), but in general terms my current method involves stripping newline characters (\r\n), stripslashes (and then mysql_real_escape_string for anything that's going into a database), trim, and strip_tags if need be.
I also have some things that use regular expressions to check/remove any unwanted characters etc. I'm probably missing lots of important things, but I seem to be picking stuff up as I go along, and I'm getting quite paranoid about security, which can't be a bad thing. heh.
Anyone else got a different approach, or any general tips/links?
Source: http://www.livejournal.com/community/php/363396.html
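As an added illustration (not code from the post or its author), here is one way to handle the three destinations the post mentions, mail headers, a database insert, and HTML output, each with its own check or escaping. It assumes a PDO connection `$pdo`, a `guestbook` table and an `owner@example.com` recipient, all hypothetical.

```php
<?php
// Added example: validate at input, then escape per output context.
// Assumes a PDO connection $pdo and a `guestbook` table (both hypothetical).
declare(strict_types=1);

/**
 * Values headed for a mail header must not contain CR, LF or NUL:
 * a newline in a From:/Reply-To:/Subject: value is how extra headers get added.
 * Rejecting is preferable to silently stripping, so the attempt is visible in logs.
 */
function assertHeaderSafe(string $value): string
{
    if (preg_match('/[\r\n\0]/', $value) === 1) {
        throw new InvalidArgumentException('newline in mail header field');
    }
    return trim($value);
}

function isValidEmail(string $addr): bool
{
    return filter_var($addr, FILTER_VALIDATE_EMAIL) !== false;
}

function handleGuestbook(PDO $pdo, array $post): void
{
    $name  = trim($post['name'] ?? '');
    $email = trim($post['email'] ?? '');
    $body  = trim($post['comment'] ?? '');

    if ($name === '' || $body === '' || !isValidEmail($email)) {
        http_response_code(400);
        exit('invalid submission');
    }

    // Database sink: a prepared statement binds the values, so no manual escaping.
    $stmt = $pdo->prepare('INSERT INTO guestbook (name, email, body) VALUES (?, ?, ?)');
    $stmt->execute([$name, $email, $body]);

    // Mail sink: only header-checked values go into header lines; the body may keep newlines.
    $subject = 'Guestbook entry from ' . assertHeaderSafe($name);
    $headers = "From: noreply@example.com\r\nReply-To: " . assertHeaderSafe($email) . "\r\n";
    mail('owner@example.com', $subject, $body, $headers);
}

// HTML sink: escape when rendering, not when storing, so the stored text stays intact.
function renderComment(string $body): string
{
    return nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}
```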