- urlencode: documentation ( source)
- filter_input: documentation ( source)
- htmlentities: documentation ( source)
- strtolower: documentation ( source)
<?php
$_GET['q'] = '\'; drop table `user`';
echo strtolower(htmlentities(urlencode(mysql_real_escape_string($_GET['q']))));
echo filter_input(INPUT_GET, 'q', FILTER_SANITIZE_STRING);