I'm new to php and have come up with what I think is how you're supposed to check for valid data.
Can you please tell me if I'm on the right track, and if I'm missing anything from this example:
$name = getElementByID('name')
$pass = getElementByID('pass')
$cleaner-name = stripslashes($name)
$cleanest-name = mysql_real_escape_string($name)
$cleaner-pass = stripslashes($pass)
$cleanest-pass = mysql_real_escape_string($pass)
$some-pattern = test
give error message
enter into database
I pass both variables through stripslashes(), and mysql_real_escape_string() to ensure that any malicious code wont hurt the website.
Then I compare the resulting values against my pattern to ensure that they're valid.
If it's valid, it gets put into the database, if it's not, the user get's an error.
Is there anything I've missed?