How to clean a variable against xss and sql injections attack?
This should be quite efective:

$var=mysql_real_escape_string(trim(htmlspecialchars(strip_tags($_GET['var']))));