I mixed yours (from your blog) and mine, I like this:
Code:
function clean($value) {
    // I clean the string up when my function is called.
    // Note: str_replace() is case-sensitive, so only these exact spellings are replaced.
    $search = array('javascript:',
                    'document.location',
                    'vbscript:',
                    '<marquee',
                    '<script',
                    '?php');
    $value = str_replace($search, '_', $value);
    // Trim whitespace, drop any remaining tags, then escape for the
    // (already open) mysql_* connection.
    $value = mysql_real_escape_string(strip_tags(trim($value)));
    return $value;
}

function vdata($value) {
    if (get_magic_quotes_gpc()) {
        // if the dope has magic quotes on, strip them
        $value = stripslashes($value);
    }
    // Plain numbers pass through untouched; anything else (including
    // numeric strings with a leading zero) goes through clean().
    if (!is_numeric($value) || $value[0] == '0') {
        // now do the cleaning
        $value = clean($value);
    }
    return $value;
}
Then just call like this:
Code:
$value = vdata($_POST['value']);
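For comparison, here is an added example (not code from this thread or its author) that handles the same kind of form input with validation, a prepared statement and output encoding rather than a word blacklist. It assumes PHP 7+ with PDO and the SQLite driver; the `comments` table and the sample input are made up for the demo.

```php
<?php
// Added example: validate on input, bind on storage, encode on output.
// Assumes PDO with pdo_sqlite; table/column names are hypothetical.

// 1. Validate: accept only the shape the field is supposed to have.
function validateNumeric($raw) {
    // Integer strings only (leading zeros allowed); no blacklist needed.
    if (!is_string($raw) || !preg_match('/^-?[0-9]{1,18}$/', $raw)) {
        return null;
    }
    return (int)$raw;
}

function validateText($raw, $maxLen = 200) {
    if (!is_string($raw)) {
        return null;
    }
    $raw = trim($raw);
    // Length cap and a control-character check; the text itself is kept as-is.
    if ($raw === '' || strlen($raw) > $maxLen
        || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $raw)) {
        return null;
    }
    return $raw;
}

// 2. Store with a bound parameter: quotes or SQL keywords in the value are
//    just data, so no escaping function is needed.
function storeComment(PDO $db, $text) {
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
    return (int)$db->lastInsertId();
}

// 3. Encode for the HTML context at output time; "<script" is stored intact
//    but is rendered as text, not markup.
function renderComment($text) {
    return '<p>' . htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// Demo with a constructed input of the kind the blacklist above targets.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');
$input = "It's <script>alert(1)</script> -- test";   // constructed sample
$id = storeComment($db, validateText($input));
$stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
$stmt->execute([':id' => $id]);
echo renderComment($stmt->fetchColumn()), "\n";
```

Numeric fields would go through `validateNumeric()` instead and be bound as integers, so the leading-zero special case in `vdata()` is not needed.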