Creating a sanitization function

Reading all the sanitization posts left me so confused. I am building a blog-type site and need to sanitize user input that will go into the database (user profile information, blog posts and comments), as well as specific ids and usernames from GET requests that are used in queries to display information.

Here's what I've put together based on what I've read:

function escape($data) {
    global $conn;                              // mysqli connection created by connect() (the project's own helper)
    connect();
    $data = str_replace(chr(0), '', $data);    // drop NUL bytes first; after escaping there is no raw chr(0) left to find
    $data = $conn->real_escape_string($data);  // escapes ' " \ NUL \n \r and ^Z for use inside a quoted SQL literal
    $conn->close();                            // note: this opens and closes a connection on every call
    return $data;
}

function sanitize($data) {
  $data = trim($data);             // remove surrounding whitespace
  $data = strip_tags($data);       // remove HTML/PHP tags from the text
  $data = stripslashes($data);     // undo any backslash-quoting added by magic quotes
  $data = escape($data);           // SQL-escape (see escape() above)
  $data = htmlspecialchars($data); // HTML-encode < > & " ' ; note this runs after SQL escaping, so what gets stored is already HTML-encoded
  return $data;
}

Magic quotes confuse me a little. I know PHP automatically puts them in GET and POST requests and double slashes can be a problem. Should I put the addslashes() function in the function after stripslashes to make sure everything is ok?

For all insert and update statements, the inserted values are bound using prepared statements, but all other statements are not prepared (and using prepared statements for them will not be effective at this stage of this project for various reasons).

I would like to receive your feedback. As I said, this is all very confusing!

UPDATE:

I added $data = str_replace(chr(0), '', $data); to protect against null byte injection. Is it correct?

BTW, the only GETs that go into the queries are either ID numbers (for which I have a function that removes everything but digits) or usernames. I am using the escape function above to sanitize the username before it enters any queries. Is that good enough?

The sanitize function is the one I use on blog posts and profile information that is provided by the user and inserted into a table via a prepared statement.

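An added example, not code from the question or the answer, of the context-by-context handling the question circles around: validate the GET id and username before they reach an unprepared query, store post text unchanged through a prepared statement, and HTML-escape only when rendering. It assumes a mysqli connection in $conn and hypothetical users/posts tables, none of which are on the page.

```php
<?php
// Added example (not the asker's or answerer's code). Assumes a mysqli
// connection in $conn and hypothetical tables users(id, username) and
// posts(id, author_id, body); neither is defined on the page.
declare(strict_types=1);

// Context 1: an id from $_GET. Only a non-negative integer is acceptable,
// so validate and reject rather than try to "clean" the value.
function requireId(string $raw): int {
    if (!ctype_digit($raw) || strlen($raw) > 18) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    return (int) $raw;
}

// Context 2: a username that ends up in a SELECT that is not prepared.
// An allowlist of [A-Za-z0-9_] with a length bound leaves no quote or
// backslash for the escaper to handle; escaping stays as a second layer.
function requireUsername(string $raw): string {
    if (!preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $raw)) {
        throw new InvalidArgumentException('invalid username');
    }
    return $raw;
}

function findUser(mysqli $conn, string $raw): ?array {
    $name = $conn->real_escape_string(requireUsername($raw));
    $res  = $conn->query("SELECT id, username FROM users WHERE username = '$name'");
    return $res->fetch_assoc() ?: null;
}

// Context 3: free text (a post body). Store it as typed: the bound parameter
// keeps it data, so no strip_tags/htmlspecialchars on the way in. NUL bytes
// are dropped before anything else sees them.
function storePost(mysqli $conn, int $authorId, string $body): int {
    $body = str_replace("\0", '', $body);
    $stmt = $conn->prepare('INSERT INTO posts (author_id, body) VALUES (?, ?)');
    $stmt->bind_param('is', $authorId, $body);
    $stmt->execute();
    return (int) $stmt->insert_id;
}

// Context 4: output. Escape for HTML once, here, so stored text is not
// double-encoded and stays usable in other contexts (JSON, mail, search).
function renderPost(string $body): string {
    return '<p>' . nl2br(htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8')) . '</p>';
}
```

With this split, the text a user typed is what the database holds, and each reader of it (HTML page, API, mail) applies the escaping its own context needs.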


1 answer


function cleanInput($input) {
  // Order matters: preg_replace applies the patterns in array order, so the
  // script/style/comment strips must run before the generic tag strip,
  // otherwise the generic pattern removes <style> and </style> first and
  // leaves the CSS text behind.
  $search = array(
    '@<script[^>]*?>.*?</script>@si',   // Strip out javascript
    '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
    '@<![\s\S]*?--[ \t\n\r]*>@',        // Strip multi-line comments
    '@<[\/\!]*?[^<>]*?>@si'             // Strip out remaining HTML tags
  );

  $output = preg_replace($search, '', $input);
  return $output;
}

function sanitize(mysqli $conn, $input) {
  if (is_array($input)) {
    $output = array();                  // was left undefined for an empty array
    foreach ($input as $var => $val) {
      $output[$var] = sanitize($conn, $val);
    }
  } else {
    // magic_quotes_gpc was removed in PHP 5.4 and the function itself in PHP 8
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
      $input = stripslashes($input);
    }
    $input = cleanInput($input);
    // mysql_real_escape_string (ext/mysql) was removed in PHP 7; the mysqli
    // equivalent needs the connection, hence the $conn parameter
    $output = mysqli_real_escape_string($conn, $input);
  }
  return $output;
}


