Help needed with user input security

I am trying to create a function to check user inputs. I have the following in a file called cleanup.php

function clean_input($string)
{
    if(function_exists('mysql_real_escape_string'))
    {
        // Undo magic_quotes so the value is not escaped twice
        if(get_magic_quotes_gpc())
        {
            $string = stripslashes($string);
        }
        // Needs an open mysql connection to pick up the connection charset
        $string = mysql_real_escape_string($string);
    }
    elseif(function_exists('mysql_escape_string'))
    {
        if(get_magic_quotes_gpc())
        {
            $string = stripslashes($string);
        }
        // Older fallback; does not take the connection charset into account
        $string = mysql_escape_string($string);
    }
    else
    {
        // Last resort when no mysql extension is loaded
        $string = addslashes($string);
    }

    return $string;
}

if($_POST['fname']) $fname = clean_input($_POST['fname']);
if($_POST['sname']) $sname = clean_input($_POST['sname']);
if($_POST['adr']) $adr = clean_input($_POST['adr']);
if($_POST['adr1']) $adr1 = clean_input($_POST['adr1']);
if($_POST['toci']) $toci = clean_input($_POST['toci']);
if($_POST['cty']) $cty = clean_input($_POST['cty']);
if($_POST['ctry']) $ctry = clean_input($_POST['ctry']);
if($_POST['pcode']) $pcode = clean_input($_POST['pcode']);
if($_POST['tel']) $tel = clean_input($_POST['tel']);
if($_POST['mob']) $mob = clean_input($_POST['mob']);
if($_POST['email']) $email = clean_input($_POST['email']);
if($_POST['arrtime']) $arrtime = clean_input($_POST['arrtime']);
if($_POST['option1']) $option1 = clean_input($_POST['option1']);
if($_POST['option2']) $option2 = clean_input($_POST['option2']);
if($_POST['option3']) $option3 = clean_input($_POST['option3']);
if($_POST['option4']) $option4 = clean_input($_POST['option4']);
if($_POST['option5']) $option5 = clean_input($_POST['option5']); 
if($_POST['option6']) $option6 = clean_input($_POST['option6']); 
if($_POST['option7']) $option7 = clean_input($_POST['option7']);
if($_POST['option8']) $option8 = clean_input($_POST['option8']);
if($_POST['option9']) $option9 = clean_input($_POST['option9']);
if($_POST['option10']) $option10 = clean_input($_POST['option10']);
if($_POST['uname']) $uname = clean_input($_POST['uname']);
if($_POST['upass']) $upass = clean_input($_POST['upass']);
if($_POST['db_name']) $db_name = clean_input($_POST['db_name']);
if($_POST['db_user']) $db_user = clean_input($_POST['db_user']);
if($_POST['db_host']) $db_host = clean_input($_POST['db_host']);
if($_POST['db_pass']) $db_pass = clean_input($_POST['db_pass']);

I will then SSI this into the page which is parsing the inputs.

What I want to know is if there is a more efficient way of cleaning up user inputs. I have come across a script that seems a bit better but am not sure how to implement it.

foreach ($_POST as $key => $value) {
    // Write the cleaned value back under the same key; assigning to $key
    // alone would only change the loop variable and leave $_POST untouched
    $_POST[$key] = clean_input($value);
}

If I could implement something like this I think it would be less time consuming and I would not have to add each input field.

Can anyone help?

Not sure if it's time-consuming or not (if it is, you should try to do some benchmarking with echoing timestamps etc. to find out where the bottleneck is), but when including PHP into PHP, it's best (imho) to use include or require.

Thanks for your reply, the following seems to be working.

function clean_input($string)
{
    if(function_exists('mysql_real_escape_string'))
    {
        // Undo magic_quotes so the value is not escaped twice
        if(get_magic_quotes_gpc())
        {
            $string = stripslashes($string);
        }
        // Needs an open mysql connection to pick up the connection charset
        $string = mysql_real_escape_string($string);
    }
    elseif(function_exists('mysql_escape_string'))
    {
        if(get_magic_quotes_gpc())
        {
            $string = stripslashes($string);
        }
        // Older fallback; does not take the connection charset into account
        $string = mysql_escape_string($string);
    }
    else
    {
        // Last resort when no mysql extension is loaded
        $string = addslashes($string);
    }

    return $string;
}

foreach ($_POST as $key => $value) {
    // Write the cleaned value back under the same key; assigning to $key
    // alone would only change the loop variable and leave $_POST untouched
    $_POST[$key] = clean_input($value);
}

I have then echoed the posts

echo $_POST['input'];

and it's stripping the tags <> and adding slashes to ". For instance, if someone types

<? $do("something");?> it's outputting

$so(“something”);
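The loop over $_POST only does anything if the cleaned value is written back, and escaping every field at input time prepares it for exactly one context (a MySQL string literal) while the same value is later echoed into HTML. The following is an added example, not code from this thread, showing the other way round: collect only the fields the form is expected to send, validate each one, bind the values as parameters for the database, and encode for HTML at the point of output. It assumes PHP 7 or later with the PDO MySQL driver, a table named `guests` with the columns used below, and placeholder connection details; all of these are assumptions, not values from the thread.

```php
<?php
// Added example (not from the thread). Assumes PHP 7+, the PDO MySQL driver,
// a `guests` table with the columns below and placeholder credentials.

// Allowlist of fields the form is expected to send, each with a validator that
// returns the accepted value or null. Unknown POST keys are simply ignored.
$fields = [
    'fname' => function ($v) { return strlen($v) <= 100 ? $v : null; },
    'sname' => function ($v) { return strlen($v) <= 100 ? $v : null; },
    'email' => function ($v) { return filter_var($v, FILTER_VALIDATE_EMAIL) ?: null; },
    'tel'   => function ($v) { return preg_match('/^\+?[0-9 ()-]{5,20}$/', $v) ? $v : null; },
    'pcode' => function ($v) { return preg_match('/^[A-Za-z0-9 ]{3,10}$/', $v) ? $v : null; },
];

/**
 * Collect the allowlisted fields from $post into a new array.
 * Invalid or missing values are reported in $errors instead of being "cleaned".
 */
function collect_input(array $post, array $fields, array &$errors)
{
    $clean = [];
    foreach ($fields as $name => $validate) {
        $raw = isset($post[$name]) ? $post[$name] : '';
        if (!is_string($raw)) {
            // A field sent as fname[]=... arrives as an array; reject it
            $errors[] = "$name: unexpected type";
            continue;
        }
        $value = $validate(trim($raw));
        if ($value === null) {
            $errors[] = "$name: invalid value";
            continue;
        }
        $clean[$name] = $value;
    }
    return $clean;
}

$errors = [];
$input  = collect_input($_POST, $fields, $errors);

if ($errors) {
    http_response_code(400);
    foreach ($errors as $e) {
        // HTML context: encode here, at the point of output
        echo '<p>' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</p>';
    }
    exit;
}

// Database context: bound parameters keep the values separate from the SQL
// text, so no escaping of the values is needed at all.
$pdo = new PDO(
    'mysql:host=localhost;dbname=app;charset=utf8mb4',   // placeholder DSN
    'app_user',                                           // placeholder user
    'change-me',                                          // placeholder password
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,  // real server-side prepares
    ]
);

$stmt = $pdo->prepare(
    'INSERT INTO guests (fname, sname, email, tel, pcode)
     VALUES (:fname, :sname, :email, :tel, :pcode)'
);
// The keys of $input match the named placeholders, so the array binds directly
$stmt->execute($input);

// Back in the HTML context: the stored value is untouched, the output is encoded
echo '<p>Thanks, ' . htmlspecialchars($input['fname'], ENT_QUOTES, 'UTF-8') . '</p>';
```

With this layout a single loop still handles every field, but the list of expected names lives in one place, a value that fails validation is rejected rather than silently altered, and each output context (SQL, HTML) gets the encoding that context needs.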
