Clean & Safe string in PHP [duplicate]

Answer 1

I would remove some special characters thet have nothing to do in such strings and could be used for code injections, like $ % # < > | and so on.

$invalid_characters = array("$", "%", "#", "<", ">", "|");
$str = str_replace($invalid_characters, "", $str);

Answer 2

What should I add to my function to be sure that every string that passes it will be 'server-friendly'?

This should work:

function checkInput($str) {
  return "";
}

For a more detailed explanation, see here

Answer 3

About DataBase, check PDO placeholders. They are cross DBMS.

Answer 4

What does server friendly mean?

For validation such as email addresses take a look at data filtering.

To make sure a string is safe for database's use escaping such as mysql_real_escape_string

When outputting data use htmlspecialchars