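/**
 * Escape a string for HTML output, for a MySQL string literal, or both.
 *
 * Modes accepted in $clean:
 *   "html" - htmlspecialchars() with ENT_QUOTES
 *   "sql"  - mysql_real_escape_string()
 *   "full" - HTML escaping first, then SQL escaping
 *
 * Any other mode, including the default "", returns the literal string
 * "E_NO_CLEAN" rather than the input, so the function never hands back
 * unescaped data. Callers cannot tell that sentinel apart from real input
 * equal to "E_NO_CLEAN".
 *
 * Review notes:
 * - Escaping is context-specific. The "html" result is meant for HTML text
 *   and quoted attribute values, not for JavaScript, URL or CSS contexts.
 * - The "sql" result is only safe inside a quoted SQL string literal; it does
 *   not protect unquoted numeric values or identifiers. Parameterized
 *   queries (PDO / mysqli prepared statements) are the preferred fix.
 * - mysql_real_escape_string() belongs to the ext/mysql API, which was
 *   removed in PHP 7.0; it also returns false on failure, and that value is
 *   passed straight through to the caller here.
 * - "full" stores HTML-escaped data in the database. Escaping for HTML at
 *   output time and binding parameters at query time keeps the two contexts
 *   separate.
 *
 * @param string $string Value to escape.
 * @param string $clean  Escaping mode: "html", "sql" or "full".
 * @return string|false  Escaped value, "E_NO_CLEAN" when no mode matched, or
 *                       false if mysql_real_escape_string() fails.
 */
function secit($string, $clean = "")
{
    // Loose comparison is kept deliberately so that existing callers passing
    // a non-string mode (e.g. true) keep getting the behaviour they had.
    $wantHtml = ($clean == "full" || $clean == "html");
    $wantSql  = ($clean == "full" || $clean == "sql");

    // Fail closed: an unknown mode never returns the raw input.
    if (!$wantHtml && !$wantSql) {
        return "E_NO_CLEAN";
    }

    $out = $string;

    if ($wantHtml) {
        // ENT_QUOTES also encodes single quotes. Before PHP 8.1 the default
        // flag set (ENT_COMPAT) left them intact, which is unsafe when the
        // value lands in a single-quoted attribute. The charset argument is
        // left at the PHP default so existing output encoding is unchanged.
        $out = htmlspecialchars($out, ENT_QUOTES);
    }

    if ($wantSql) {
        // NOTE(review): legacy API, see the function header.
        $out = mysql_real_escape_string($out);
    }

    return $out;
}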