Hey dark, u seem to be the security king around here, is it wise to use all 3 escape_string, trim and strip tags or would one be sufficient to prevent XSS attacks?
Def. a good idea, and I would suggest you take it a tiny step further and instead of doing the same 3 functions each time, just make a function called something like escape_text() that takes in the $_GET or $_POST variable and returns the escaped text. It'd just make it a little easier
Yeah i currently have a function that checks if a string is set and not empty, then returns the string with trim, mysql escape and strip tags.
Thanks for the tips appreciate it