A simple PHP function to clean up user input.
It does the following:

  • converts & to &amp;
  • converts < to &lt;
  • converts > to &gt;
  • converts " to &quot;
  • and converts line-breaks to <br />

The Function:

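function clean($str) {
    // Encode every & except one that starts a numeric entity such as &#38;
    $str = preg_replace('/&(?!#[0-9]+;)/s', '&amp;', $str);
    // Encode <, > and the double quote (single quotes are left unchanged)
    $str = str_replace(array('<', '>', '"'), array('&lt;', '&gt;', '&quot;'), $str);
    // Insert <br /> before each line break
    $str = nl2br($str);
    return $str;
}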
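
An added example, not part of the original page: the function above, with `<`, `>` and `"` encoded as the list describes, run beside a version built on PHP's own htmlspecialchars(), using constructed input. The name clean_builtin is hypothetical. The two differ on the single quote, which clean() does not encode, and on an existing numeric entity, which clean() passes through and htmlspecialchars() encodes again.

```php
<?php
// Added example; clean() is repeated from the page so this file runs on its own.
function clean($str) {
    $str = preg_replace('/&(?!#[0-9]+;)/s', '&amp;', $str);
    $str = str_replace(array('<', '>', '"'), array('&lt;', '&gt;', '&quot;'), $str);
    return nl2br($str);
}

// Hypothetical name: the same job done with PHP's built-in encoder.
// ENT_QUOTES also encodes the single quote, which matters when the value is
// placed inside a single-quoted HTML attribute.
// ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning "".
function clean_builtin($str) {
    $str = htmlspecialchars($str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($str);
}

// Constructed sample input, one case per behaviour listed on the page
// plus the two cases where the functions differ.
$samples = array(
    'ampersand and tags'  => 'Tom & Jerry <b>"bold"</b>',
    'single quote'        => "it's quoted",
    'numeric entity'      => 'already encoded: &#60;',
    'line break'          => "line one\nline two",
);

foreach ($samples as $label => $input) {
    echo "== $label ==\n";
    echo "input:         $input\n";
    echo "clean():       " . clean($input) . "\n";
    echo "clean_builtin: " . clean_builtin($input) . "\n\n";
}
```

Run it from the command line with `php` so the encoded output is shown as text rather than rendered by a browser.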