php - How do I sanitize data from users before sending it to MySQL?
I am making a forum at the moment.
I sanitize input data (that is, posts from users) before sending it to the MySQL database.
I have been searching for functions that do this, but I'm not sure if I have used enough of them, or if they're secure enough. Suggestions are welcome.
Here is the code I have:
$message = $_POST['answer'];
$message = nl2br($message);                     // adds breaks to the text
$message = stripslashes($message);              // removes backslashes (needed for links and images)
$message = strip_tags($message, '<p><a><b><i><strong><em><code><sub><sup><img>'); // people can use the tags in the 2nd param
$message = mysql_real_escape_string($message);  // removes MySQL statements, I think (not sure)
Edit: please tell me if I should add tags to the strip_tags function. Maybe I have forgotten some.
Try using PDO instead. It has a great binding function, which improves security. Here are examples: http://php.net/manual/pl/pdostatement.bindvalue.php
PDO is default in PHP 5, so it's pretty much everywhere these days.
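The approach the answer recommends, as an added example that is not part of the question or the answer: a forum post is inserted with a PDO prepared statement and bindValue, so no hand escaping of the message is needed for the SQL layer. The table, the function names (save_post, load_post) and the sample input are constructed for this example, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from the question or the answer.
// SQLite in memory stands in for MySQL so this runs without a server;
// the table name and columns are constructed for the example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT NOT NULL, message TEXT NOT NULL)');

// Hypothetical helper: store a post using placeholders, so the SQL text and the
// user's data never get mixed; the driver handles quoting, not string functions.
function save_post(PDO $pdo, string $author, string $message): int
{
    $stmt = $pdo->prepare('INSERT INTO posts (author, message) VALUES (:author, :message)');
    $stmt->bindValue(':author', $author, PDO::PARAM_STR);
    $stmt->bindValue(':message', $message, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: read a post back, again with a bound parameter for the id.
function load_post(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT author, message FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample input: quotes, a backslash and a semicolon, the characters
// that a hand-built query string would have to escape correctly.
$input = "It's a 'test' post; C:\\path with a <b>bold</b> tag";

$id  = save_post($pdo, 'alice', $input);
$row = load_post($pdo, $id);

// The message is stored exactly as typed: nothing was stripped or mangled on the way in.
var_dump($row['message'] === $input); // bool(true)

// HTML handling belongs at output time, for the HTML context, rather than before the INSERT:
// escape first, then turn newlines into <br> for display.
echo nl2br(htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8')), PHP_EOL;
```

With the pdo_mysql driver, PDO::ATTR_EMULATE_PREPARES defaults to true, meaning PDO quotes the bound values client-side; setting it to false sends real server-side prepared statements. Either way the query text and the data travel separately, which is what mysql_real_escape_string in the question's code is trying to approximate by hand.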