Case Studies on PHP Website Security from XSS Attack and Sql Injection

XSS (Cross Side Scripting) is a way to enter tag/script HTML  (injection) in to website for disrupt thats website.
Example attack with XSS: entered HTML or Javascript Code in some form, such like Comment Form. entered comment like this

I want to enter comment with  <script>alert('this xss attack'); </scipt>

if thats website don't have XSS filtering, when the comment appear, the alert script will working.
In PHP there are so many function, where we can use for xss attack filtering, and we can combine to make own xss filtering function

function xss_filtering($text) {
     $f = stripslashes (strip_tags (htmlspecialchars ($text, ENT_QUOTES)));
    return $f;
}
$text_comment = xss_filtering($_POST['comment']);

SQL Injection is a technic for manipulation sql command ..
Example Sql Injection in login form with " 'OR 1=1;//     " , thats logic will like this

SELECT * FROM user_table WHERE username=' ' OR 1=1;// ' AND password ='anything';

the logic is true, and whos ever can enter, ok lets make anti sql injection with PHP.

function sql_injection_filtering($data){
    $filter = mysql_real_escape_string($data);
     return $filter;
}
$username = sql_injection_filtering($_POST['username']);
$password = sql_injection_filtering($_POST['password']);
if (!ctype_alnum($username) OR !ctype_alnum($password)){
    echo "Only alpha numeric";
} else {
    echo "Login Succes";
}