is this to much sanitising?

[devinmaking]

Hi guys

I was just wondering if i was being a little over the top.

With all post variables, even the <select> posts i am using this, i have setup a function so i do not have to code this on ever post but you will get my gist!

PHP Code:

<?php
$name = trim(strip_tags(htmlentities($_POST["name"])));
$name_secure = mysql_real_escape_string($name_secure);
?>

The reason i ask is if this is to much for a common form then its un-needed code which doesn't need to be there.

Or do i need to do more on the front of other hacks within form submittion and url injection etc.

[BluePanther]

All those functions perform different tasks, not all of them for security reasons.

trim removes whitespace, so its an aesthetic function more than anything. strip_tags removes markup tags, for information you want displayed without html. htmlentites replaces markup characters (like < and > for example) for displaying the html code as plain text, making the strip tags after it redundant. mysql_real_escape_string escapes characters that break out of queries (like ') to prevent mysql injection.

So to answer your question, it depends entirely on the effect you want on the input and output, although mysql_real_escape_string is essential for DB queries.