I'm trying to make an easy way to clean all input data from forms. Does this code make sense? And is it safe?
public function filter( $data )
{
if( !is_array( $data ) )
{
$data = trim($data);
$data = mysqli_real_escape_string( $this->link, $data );
}
else
{
//Self call function to sanitize array data
$data = array_map( array( 'DB', 'filter' ), $data );
}
return $data;
}
$_POST = $database->filter($_POST);
//will all post variables now be safely escaped?