seo111hello
08-02-2007, 01:17 AM
I am developing a site using PHP/MySQL. I have read some security tutorials and developed functions to validate user input (for registration, login, posting, showing results, search result pages etc.)
I am giving functions,
Is it ok or I am missing something, plz comment on this.
1) on every php page
error_reporting (????);
set_magic_quotes_runtime(0);
???? = tell me exact code
2) Functions to validate all user input
(I don't want any HTML tags or slashes in input from the user)
function ValidateString($userinput)
{
    // Magic quotes (when enabled) add backslashes to GPC input, so the
    // slashes must be stripped when get_magic_quotes_gpc() reports they are ON,
    // not when it is off.
    if (get_magic_quotes_gpc()) {
        $userinput = stripslashes($userinput);
    }
    $userinput = strip_tags($userinput);    // remove any HTML tags
    $userinput = htmlentities($userinput);  // encode the remaining special characters
    return $userinput;
}
function ValidateSQL($userinput)
{
    $userinput = ValidateString($userinput);
    // Escape for use inside a quoted MySQL string literal;
    // needs an open mysql_connect() link
    $userinput = mysql_real_escape_string($userinput);
    return $userinput;
}
function ValidateNumber($userinput)
{
    $num = 0;
    $userinput = ValidateSQL($userinput);
    if (is_numeric($userinput)) {
        $num = $userinput;
    }
    return $num;
}
3) storing all sessions in a temp. table
4) I have taken all the major steps to protect the php.ini file, like the register variable security issue etc.
(If you have any checklist then plz post it)
5) how many points would you give the functions
ValidateString, ValidateSQL, ValidateNumber
poor security = 0, 1, 2, .......... 10 = highly secured
6) As I said, if you have any security checklist (steps) then plz post it
regards
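For comparison with the functions above, here is an added example (not the poster's code) of the approach the three functions are reaching for, split into the three jobs they mix together: validation that rejects bad input rather than rewriting it, SQL handled by binding parameters to a prepared statement instead of escaping, and HTML encoding applied only when a value is printed into a page. It uses PDO with an in-memory SQLite database so it runs without a MySQL server (assumes the pdo_sqlite extension); the function names, table layout and sample $_POST values are all made up for the example.

```php
<?php
// Added example: validate, bind, encode on output.
// Runs against an in-memory SQLite database via PDO (assumes pdo_sqlite).

function validateUsername(string $raw): ?string
{
    // Allow a fixed alphabet and length; anything else (tags, quotes,
    // slashes) is rejected outright instead of being "cleaned".
    return preg_match('/^[A-Za-z0-9_]{3,20}$/', $raw) ? $raw : null;
}

function validateAge(string $raw): ?int
{
    // FILTER_VALIDATE_INT returns false for anything that is not a whole
    // number inside the given range, so the caller gets an int or null.
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    return $n === false ? null : $n;
}

function insertUser(PDO $db, string $username, int $age, string $bio): void
{
    // Placeholders keep the data outside the SQL grammar; an apostrophe in
    // the bio is stored as-is and never needs an escaping function.
    $stmt = $db->prepare('INSERT INTO users (username, age, bio) VALUES (:u, :a, :b)');
    $stmt->execute([':u' => $username, ':a' => $age, ':b' => $bio]);
}

function findUser(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT username, age, bio FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function renderBio(array $row): string
{
    // Encode for the HTML context at output time; the stored value stays raw,
    // so the same data can later be shown in JSON, e-mail, etc. without
    // double-encoding.
    return '<p>' . htmlspecialchars($row['bio'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed table and sample input (as it might arrive in $_POST).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, age INTEGER, bio TEXT)');

$post = ['username' => 'obrien_77', 'age' => '34', 'bio' => "O'Brien <b>likes</b> PHP"];

$username = validateUsername($post['username']);
$age      = validateAge($post['age']);
if ($username === null || $age === null) {
    exit("invalid registration input\n");
}

insertUser($db, $username, $age, $post['bio']);
$row = findUser($db, $username);

echo $row['bio'], "\n";     // stored unchanged, apostrophe and tags intact
echo renderBio($row), "\n"; // tags and quotes encoded, so the browser shows them as text
```

The design point is that each function knows exactly one context. ValidateString above does strip_tags and htmlentities on the way in, which both alters the stored data and ties it to HTML; with the split shown here the database never sees escaping at all, and the output layer decides how to encode for whichever context the value lands in.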