Something you may wanna look at when filtering form data is whether you're using a database or not. Personally, I'd create a nifty little function like this:
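<?php
// Encode a form value for HTML; when $forDb is true, also escape it for MySQL.
function CleanData($string, $forDb = false){
    if($forDb === true){
        global $conn; // open mysqli connection
        // Magic quotes were removed in PHP 8, so only call the check where it exists
        if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1){
            $string = stripslashes($string);
        }
        return mysqli_real_escape_string($conn, trim(htmlentities($string, ENT_QUOTES, 'UTF-8')));
    }else{
        return trim(htmlentities($string, ENT_QUOTES, 'UTF-8'));
    }
}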
And you would use this function like this:
$name = (isset($_POST['name'])) ? $_POST['name'] : false;
//Make our data clean
$name = CleanData($name,true);
As you can see, I set the parameter $forDb to true. Only set this to true if you are inserting data into a MySQL database or passing any data to MySQL; otherwise you can leave this blank and it will fall back to its default value of false. Hope this helped some.
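
An added example, not part of the original post: the same database/display split handled with a bound parameter on the way in and HTML encoding on the way out, so the stored value stays raw text. The helpers `form_value()` and `html_out()`, the `users` table, the in-memory SQLite connection (used so the script runs without a MySQL server) and the sample input are all assumptions made for illustration.

```php
<?php
// Added example: constructed input and an in-memory SQLite table (assumptions,
// chosen so the script runs without a MySQL server).

// Output-side encoding: call this when a value is written into HTML.
function html_out(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Input-side handling: trim only; the database layer receives the raw text.
function form_value(array $post, string $key): ?string {
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null; // missing field, or an array-valued field such as name[]=x
    }
    return trim($post[$key]);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed stand-in for $_POST
$post = ['name' => "  O'Brien <b>& Sons</b> "];

$name = form_value($post, 'name');
if ($name === null) {
    exit("name is required\n");
}

// Bound parameter: the quote in O'Brien never becomes part of the SQL text.
$stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->execute([':name' => $name]);

$stored = $pdo->query('SELECT name FROM users WHERE id = 1')->fetchColumn();

echo "stored: ", $stored, "\n";           // raw text, exactly as submitted (trimmed)
echo "html:   ", html_out($stored), "\n"; // encoded once, at the point of output
```

With mysqli the insert is written the same way using `mysqli_prepare()` and `mysqli_stmt_bind_param()`.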