
So I want to create this function:

public static function formclean($string) {
    htmlentities(strip_tags(trim($string)));
    return $string;
}

Where the string gets prepared for MySQL database entry. However, when I call my function:

$class->string = Class::formclean($_POST['string']);

It doesn't return the prepared string. When I write the next bit of code it does work.

$class->string = htmlentities(strip_tags(trim($_POST['string'])));

What am I doing wrong?

Markus Malkusch
Nijn

2 Answers


You forgot to capture the return value of htmlentities() into a variable:

public static function formclean($string) {
    $string = htmlentities(strip_tags(trim($string)));
    return $string;
}

Or, for short, just return that output directly:

public static function formclean($string) {
    return htmlentities(strip_tags(trim($string)));
}
John Conde
  1. Your issue has nothing to do with the static keyword.

  2. You assume that $string gets modified by htmlentities() but such function doesn't receive parameters by reference: there's no way it can modify the original value.

    string htmlentities ( string $string [, int $flags = ENT_COMPAT | ENT_HTML401 [, string $encoding = 'UTF-8' [, bool $double_encode = true ]]] )

    A function that receives args by reference would feature a & symbol, e.g. sort():

    bool sort ( array &$array [, int $sort_flags = SORT_REGULAR ] )

  3. strip_tags() has nothing to do with databases or validation. It's just a way to corrupt user data. The proper way to prevent SQL injection is to use your database library features to inject parameters (namely prepared statements).

Álvaro González
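An added example (not code from either answer) that shows both points made above: htmlentities() takes its argument by value, so the result must be captured, and database input is protected by binding it as a prepared-statement parameter rather than by strip_tags(). The table name posts and the in-memory SQLite connection are assumptions chosen so the script runs offline.

```php
<?php
// Added example, not from the answers above.
// Assumptions: table `posts(body)` and an in-memory SQLite PDO connection.
declare(strict_types=1);

// Pass-by-value: $raw is untouched unless you assign the return value.
$raw = "  <b>Hi</b> & bye ";
htmlentities(strip_tags(trim($raw)));           // return value discarded
var_dump($raw === "  <b>Hi</b> & bye ");        // bool(true): nothing changed

$clean = htmlentities(strip_tags(trim($raw)));  // captured this time
var_dump($clean);                               // string(12) "Hi &amp; bye"

// Storing: keep the user's text as-is and bind it as a parameter.
// The database never interprets $body as SQL, whatever characters it holds.
function storeBody(PDO $pdo, string $body): void
{
    $stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => trim($body)]);
}

// Rendering: encode for the HTML context at output time, not before storage.
function renderBody(string $body): string
{
    return htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed input: a quote would break naive string concatenation, and
// strip_tags() would silently mangle the text the user actually typed.
$input = "O'Reilly & <b>sons</b>";

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');

storeBody($pdo, $input);
$row = $pdo->query('SELECT body FROM posts')->fetch(PDO::FETCH_ASSOC);
var_dump($row['body'] === $input);   // bool(true): stored intact
echo renderBody($row['body']), PHP_EOL;
// O&#039;Reilly &amp; &lt;b&gt;sons&lt;/b&gt;
```

Compare with the question's approach: strip_tags() would have stored "O'Reilly & sons", losing what the user wrote, while still doing nothing for the quote character that a concatenated query would choke on.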