In nearly all of my PHP tutorials you’ll see me using the secure function to sanitise incoming user data from things like forms, and $_GETs . Its a small function, which no doubt alot of you already have, but here it is anyway.

function secure($string) {
		$string = strip_tags($string);
		$string = htmlspecialchars($string);
		$string = trim($string);
		$string = stripslashes($string);
		$string = mysql_real_escape_string($string);
	return $string;

	}

As you can see, it basically sanitises the heck out of everything. Some people say its an overkill but you can use it in almost every situation when user data is incoming.