Scanning general text - user inputs - for bad coding.

[iarp]

My current function for checking over user inputs is below, email and phone numbers work just fine.

 

I'm more worried about the insufficiency of text and textarea, this isn't being used live anywhere atm while i remake it and i'm out of ideas on how to scan general data.

 

Fields passing through text, textarea might be full names, addresses, subjects basically general things. I've been stumbling on ideas of what would be best practice to do this.

 

Any ideas?

 

# $tbc = data to be cleaned
# $type = email, phone, text, textarea
function escape_data($tbc, $type='text') {
	switch($type) {
		case 'email':
			if(preg_match('/(\w+\.)*\w+@(\w+\.)*\w+(\w+\-\w+)*\.\w+/', $tbc)){
				$op = $tbc;
			} else {
				$op = false;
			}
			break;
		case 'phone':
			if (!empty($tbc)) { 
				preg_match_all('/[0-9\(\)+.\- ]/s', $tbc, $cleaned); 
				foreach($cleaned[0] as $k=>$v) { 
					$ready .= $v; 
				}
				if ((strlen($ready) > 10) && (strlen($ready) <=25)) {
					$op = $ready;
				} else {
					$op = false;
				}
			 } else {
				$op = false;
			 }
			break;
		case 'text':
		case 'textarea':
			if (!empty($tbc)) { 
				$op = strip_tags($tbc);
			} else {
				$op = false;
			}
			break;
		default:
			$op = false;
	}
	return $op;
}

[Pikachu2000]

How data is cleaned/sanitized/processed is almost entirely dependent on what will be done with that data.

[iarp]

Just being sent in an email, no database work here.

[radi8]

if it ain't broke, don't fix it.

 

There are a million ways to do most everything, but if your solution works, and it is reliable, then you are good to go.