php regular expressions? (preg_replace) How do you implement regular expressions to not allow certain char...?

Question

how do you use the preg_replace command to keep people from entering special characters in form fields? I'm trying to keep from being subject to an SQL injection attack. I've read articles, and tutorials on different websites, but I'm not understanding how to use the function. Examples would be greatly appreciated.

Answer 1

the best way, if you are going with a regular expression, is to replace everything that is not in the allowed characters. Your regular expression would look something like /[^a-zA-Z0-9]/ (the ^ at the beginning of the group means match everything that is not in this group, where without the ^ it would match everything in that group).