Cleaning all Inputs


topr8 - 8:15 am on Sep 22, 2011 (gmt 0)


>>Does anybody know of a function pre written that covers all bases?

no, to be really safe you should customise your 'cleaning' functions to suit each input...

if you expect an integer then test for an integer.
if you expect a month in the format 01-12 then test for that.
if you expect a text field with a maximum of 64 characters, make sure you also test for a string with a maximum length of 64.
ensure you only allow the characters that you want (e.g. you might want to disallow html for many good reasons)

what rocknbil said is a good shortcut, although I always do something like:
$clean_post1 = clean($_POST['post1']);

this way I never accidentally use a variable for a database insert that hasn't already been cleaned. (using an array like Oxidiser said also makes sense)

it is more long-winded to test the data properly, but if you don't you are building up trouble for the future one way or another - even if just from having wrong data inserted into your database fields
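The per-input approach described in the post above, as an added PHP example that is not from the thread: one validator for each expected shape (an integer, a month 01-12, a text field of at most 64 characters with a restricted character set), with the results kept in a separate array as the post suggests. The function names, the $_POST keys ('qty', 'month', 'title') and the whitelist pattern are assumptions chosen for illustration; mb_strlen needs the mbstring extension.

```php
<?php
// Added example, not code from the thread. Keys and helper names are assumed.

function post_str(string $key): string {
    // A field submitted as key[]=... arrives as an array, not a string; treat it as missing.
    return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
}

function clean_int(string $raw, int $min, int $max): ?int {
    // Accept only a whole number inside an explicit range; anything else is rejected.
    $v = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $v === false ? null : $v;
}

function clean_month(string $raw): ?string {
    // Exactly two digits, 01 to 12. \A and \z (not $) stop a trailing newline slipping through.
    return preg_match('/\A(0[1-9]|1[0-2])\z/', $raw) === 1 ? $raw : null;
}

function clean_text(string $raw, int $maxLen): ?string {
    // Trim, drop tags, enforce a character (not byte) limit, then allow only
    // letters, digits, spaces and a few punctuation marks.
    $t = trim(strip_tags($raw));
    if ($t === '' || mb_strlen($t, 'UTF-8') > $maxLen) {
        return null;
    }
    return preg_match('/\A[\p{L}\p{N} .,\'-]+\z/u', $t) === 1 ? $t : null;
}

// Cleaned values live in their own array, so a raw $_POST value never reaches a query.
$clean = [
    'qty'   => clean_int(post_str('qty'), 1, 999),
    'month' => clean_month(post_str('month')),
    'title' => clean_text(post_str('title'), 64),
];

if (in_array(null, $clean, true)) {
    http_response_code(400);
    exit('Invalid input');
}

// From here on only $clean is used, and only through a prepared statement, e.g.:
// $stmt = $pdo->prepare('INSERT INTO items (qty, month, title) VALUES (?, ?, ?)');
// $stmt->execute([$clean['qty'], $clean['month'], $clean['title']]);
```

Validation here decides whether a value is acceptable at all; the prepared statement separately keeps any accepted value from being interpreted as SQL, so both steps stay in place.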


Thread source:: http://www.webmasterworld.com/php/4365034.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com