escaping input in php
I wrote some code, but now I don't know which version is the better one. Is there any possibility that, because of the 1st version, my code is vulnerable?
Version 1:
$destination = $_POST['var'];
$destination = strip_tags(trim($destination));
Version 2:
$destination = strip_tags(trim($_POST['var']));
As neither strip_tags nor trim change the input string, there is absolutely no difference between the two versions.
They're both exactly the same.
What are you escaping the input for? Database? XSS?
Both snippets are exactly the same. Some people will say the first one is better for readability and some people will say the second one is better for conciseness.
Both of the versions mean the SAME; you can use either. In my opinion you must use filter_var to filter the input string...
Both versions are the same in terms of vulnerability. If injection is what you're worried about, you may want to include addslashes().
Which is better? Version 2 will actually benchmark a little faster. Setting a variable to another is just an unnecessary step in the process. I would suggest that version 1, while not technically wrong, is bad practice, even though the resulting value is the same.
Well, strip_tags can still be exploited. A slightly better solution might be the following:
$destination = htmlentities(trim($_POST['var']));
However, this is still not enough; extra work should be done if the $_POST['var'] will go into the database.
Make sure that you understand what htmlentities() does exactly before implementing it in your code on a production level.
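An added example, not taken from any of the answers above, showing the point raised in the thread about context: the value is only trimmed on input, escaped with htmlspecialchars() at the moment it is written into HTML, and handed to the database as a bound parameter of a prepared statement. The sample input, the SQLite DSN and the trips table are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Constructed sample standing in for $_POST['var'].
$post = ['var' => "  <b>Paris</b> & <script>alert(1)</script>  "];

// Input stage: normalise whitespace only; keep the raw text.
$destination = trim($post['var'] ?? '');

// HTML context: escape at output time. ENT_QUOTES also covers
// attribute values; the charset must match the page encoding.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

echo '<p>Destination: ' . e($destination) . "</p>\n";
echo '<input name="var" value="' . e($destination) . "\">\n";
// The output contains &lt;script&gt;..., so the browser shows text, not markup.

// Database context: a bound parameter keeps the data separate from the
// SQL, so no quoting or escaping of the value is applied here.
// In-memory SQLite and the table name are assumptions for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE trips (id INTEGER PRIMARY KEY, destination TEXT NOT NULL)');

$stmt = $pdo->prepare('INSERT INTO trips (destination) VALUES (:destination)');
$stmt->execute([':destination' => $destination]);

// What is stored is the original text, tags included; it is escaped
// for HTML again only when it is read back and rendered.
$row = $pdo->query('SELECT destination FROM trips')->fetch(PDO::FETCH_ASSOC);
echo '<li>' . e($row['destination']) . "</li>\n";
```

Run with the pdo_sqlite extension enabled; the same e() helper is reused for every HTML insertion point, while a value destined for a URL or a JavaScript string would need its own context-specific encoder instead.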