function clean($a)
{
	if(get_magic_quotes_gpc())
	{
		$a = stripslashes($a);
	}
	$a = mysql_real_escape_string($a);
        $a = htmlentities($a);
	return $a;
}

Just a small function to sanitize the user's input of any xss and sqli. I saw a lot of ones that didn't include htmlentities or htmlspecialchars, and were still vulnerable to persistent/reflected xss.

Sanitize (MySQL and XSS)

php, user

PHP