PHP Server Side Scripting: Combatting Webform hijack


henry0 - 2:41 pm on Jun 14, 2006 (gmt 0)


So you did find the right place :)
First you need to surround each post with a function similar to this one. It could be located at root level and named secure.php:

<?php
// Escape one incoming value for use in a MySQL query and in HTML output.
// mysql_real_escape_string() needs an open mysql_connect() link, so connect
// before including this file.
function Clean($string){
    $string = trim($string);
    if (get_magic_quotes_gpc())
    {
        // magic_quotes_gpc has already added backslashes; strip them so the
        // value is not escaped a second time by the call below
        $string = stripslashes($string);
    }
    $string = mysql_real_escape_string($string);
    // Values are HTML-encoded before storage, so they come back from the
    // database already encoded for output.
    $string = htmlentities($string);
    return $string;
}
// Run every incoming value through Clean()
foreach($_POST as $name => $value){
    $_POST[$name] = Clean($value);
}
foreach($_GET as $name => $value){
    $_GET[$name] = Clean($value);
}
foreach($_COOKIE as $name => $value){
    $_COOKIE[$name] = Clean($value);
}
foreach($_REQUEST as $name => $value){
    $_REQUEST[$name] = Clean($value);
}
?>

Using it:

Include the file within your form destination script:
require_once("../../secure.php");

Next, for example:
$main_title = Clean($_POST['main_title']);

Other security
Example email regex:

if (isset($email) && !empty($email))
{
    // Local part and domain labels: letters, digits, _ . - ; TLD of 2 to 4 letters.
    // eregi() is the case-insensitive POSIX regex match (removed in PHP 7;
    // preg_match() with the /i modifier is its replacement).
    $regexp = "^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$";
    if (!eregi($regexp, $email))
    {
        // $email is assumed to have gone through Clean() above; if it did not,
        // run it through htmlentities() before echoing it back into the page.
        echo "The email should ONLY contain Alphanumerical Characters! (Alphabetical and numeric) And: @ and - or _ <br>
<b>You entered: $email</b><br>
<a href='../register.php'><b>Please try again</b></a>";
        exit();
    }
    else
    {
        // the address passed the check: continue processing the form here
    }
}

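As an added example (not henry0's code and not from the thread): the same registration form handled with a PDO prepared statement for the INSERT, filter_var() for the address check, and htmlspecialchars() applied only where a value is printed, so SQL escaping and HTML encoding are no longer mixed in one Clean() pass. The table name, its columns and the in-memory SQLite DSN are assumptions for the demo.

```php
<?php
// Added example, not code from the thread: handle one registration form
// per context instead of escaping everything up front. The table, column
// names and the in-memory SQLite DSN are assumptions for this demo.

// Validate the address with PHP's built-in filter (stands in for the eregi pattern).
function validateEmail($raw) {
    $email = filter_var(trim((string) $raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Store the row with a prepared statement; values are bound as data, so
// no manual SQL escaping of the string is needed.
function saveRegistration(PDO $db, $email, $mainTitle) {
    $stmt = $db->prepare(
        'INSERT INTO registrations (email, main_title) VALUES (:email, :title)'
    );
    $stmt->execute(array(':email' => $email, ':title' => $mainTitle));
    return (int) $db->lastInsertId();
}

// Encode only at the moment a value is written into HTML.
function h($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample request (stands in for $_POST).
$post = array('email' => ' alice@example.com ', 'main_title' => "O'Reilly <b>x</b>");

$email = validateEmail($post['email']);
if ($email === null) {
    // Reflect the rejected value only after encoding it.
    echo 'Invalid e-mail address: <b>' . h($post['email']) . '</b> '
       . "<a href='register.php'><b>Please try again</b></a>";
    exit;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registrations (id INTEGER PRIMARY KEY, email TEXT, main_title TEXT)');
$id = saveRegistration($db, $email, $post['main_title']);

// The apostrophe is stored as typed; the <b> tag is neutralised on output.
$stmt = $db->prepare('SELECT main_title FROM registrations WHERE id = :id');
$stmt->execute(array(':id' => $id));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo 'Saved #' . $id . ' as: ' . h($row['main_title']) . "\n";
```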
Thread source: http://www.webmasterworld.com/php/13199.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com