I collect personal data from my users on my website and place it in a MySQL database. Now I want to make 150% sure this data is safe, and can't be hacked, changed or accessed by a hacker.
Here are the steps I currently run through:
1) I have magic quotes turned off
2) I have register globals turned off
3) All $_POST data I pass on my form runs through mysql_real_escape_string, trim, htmlentities and strip_tags like so
$your_name = trim(mysql_real_escape_string(htmlentities(strip_tags($_POST['your_name']), ENT_QUOTES)));
4) I run regular expressions on my site for things like checking the validity of an email address etc...
5) I have a CAPTCHA system in place
Now, I know that using things like prepared statements is best for making sure no attack takes place, and I am getting to a place where I will start using them.
But for now, can anyone tell me whether, if I am doing all of the above on my form, my data is safe, has all the correct procedures in place and won't be hacked?
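
The prepared-statement approach mentioned in the post, as an added example that is not part of the original post: the value is validated, stored unmodified through a bound parameter, and HTML-encoded only when it is rendered. The `users` table, the function names and the sample input are constructed, and PDO's SQLite driver stands in for MySQL so the script runs offline.

```php
<?php
// Added example (not from the original post). Assumptions: PDO with the
// bundled SQLite driver stands in for MySQL so the script runs offline;
// the `users` table and the sample input are constructed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also disable emulation so the server does the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, your_name TEXT NOT NULL)');

function validateName(string $raw): string
{
    $name = trim($raw);
    // Validate, do not rewrite: reject what is out of range instead of mangling it.
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('Name must be 1-100 bytes');
    }
    return $name;
}

function saveName(PDO $pdo, string $name): int
{
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO users (your_name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

function renderName(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT your_name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $name = (string) $stmt->fetchColumn();
    // HTML encoding belongs here, at output time, for the HTML context only.
    return htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

// Constructed form input containing a quote and markup characters.
$posted = "  Sinead O'Brien <admin>  ";
$id = saveName($pdo, validateName($posted));

$stored = $pdo->query('SELECT your_name FROM users')->fetchColumn();
echo "stored:   {$stored}\n";   // raw value kept intact in the database
echo "rendered: " . renderName($pdo, $id) . "\n";
```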