0xCuRL

I'm new here, but may i ask why you have your arrays like this? $drug_array[0] = "Rohypnol"; $drug_array[1] = "Valium"; $drug_array[2] = "Mcat"; $drug_array[3] = "Cannabis"; $drug_array[4] = "Speed"; $drug_array[5] = "Xanax"; $drug_array[6] = "MDMA"; $drug_array[7] = "Cocaine"; $drug_array[8] = "Heroin"; $drug_price[0] = "100"; $drug_price[1] = "250"; $drug_price[2] = "500"; $drug_price[3] = "750"; $drug_price[4] = "1500"; $drug_price[5] = "2500"; $drug_price[6] = "5000"; $drug_price[7] = "10000"; $drug_price[8] = "20000";   The numbers aren't needed. $drug_array = array(); $drug_array[] = "Rohypnol"; $drug_array[] = "Valium"; $drug_array[] = "Mcat"; $drug_array[] = "Cannabis"; $drug_array[] = "Speed"; $drug_array[] = "Xanax"; $drug_array[] = "MDMA"; $drug_array[] = "Cocaine"; $drug_array[] = "Heroin"; $drug_price = array(); $drug_price[] = 100; $drug_price[] = 250; $drug_price[] = 500; $drug_price[] = 750; $drug_price[] = 1500; $drug_price[] = 2500; $drug_price[] = 5000; $drug_price[] = 10000; $drug_price[] = 20000;   Also don't see the point in two arrays you can combine both of them like this. $drugs = array(); $drugs[] = array('name' => "Rohypnol", 'price' => 100); $drugs[] = array('name' => "Valium", 'price' => 250); $drugs[] = array('name' => "Mcat", 'price' => 500); $drugs[] = array('name' => "Cannabis", 'price' => 750); $drugs[] = array('name' => "Speed", 'price' => 1500); $drugs[] = array('name' => "Xanax", 'price' => 2500); $drugs[] = array('name' => "MDMA", 'price' => 5000); $drugs[] = array('name' => "Cocaine", 'price' => 10000); $drugs[] = array('name' => "Heroin", 'price' => 20000); Either that or do something like this. $drugs = array(); $drugs['Rohypnol'] = array('price' => 100);   You can do the rest. :)

The class is currently doing nothing. You should remove isset, htmlspecialchars and strip_tags. A function like this would be much better, in my opinion.   function escape( $data ) { if (is_null($data)) return "NULL"; if (is_bool($data)) return $data ? 1 : 0; if (is_string($data)) { if (get_magic_quotes_gpc()) // alot of shared hosts still have magic quotes enabled. $data = stripslashes($data); return mysql_real_escape_string($data, [Database Link]); } return $data; }   You should only really escape data going into the database, then use htmlspecialchars/htmlentities on output otherwise your going to-do it twice once going into the database and again on output. Which means using htmlspecialchars/htmlentities on input to the database, your going to have a lot more characters in the database. You can use strip_tags, but then again your users are going to wonder what is going on.