When accepting user input for redisplay, and particularly if it will be inserted into a database, it’s important that you sanitize the input to remove any malicious attempts at hijacking your server, or otherwise injecting unwanted MySQL commands, HTML, or JavaScript. ## the function ```php function SanitizeString($string){ $string = strip_tags($string); return htmlentities($string); } function MysqlSanitizeString($string){ if(get_magic_quotes_gpc()) $string = stripslashes($string); $string = SanitizeString($string); return mysql_real_escape_string($string); } ``` ### About the Recipes These recipes take a string and sanitize it for reuse on your web site and/or in a MySQL database. They require this argument: >  **$string**   A string to be sanitized.