jbroder - 7:51 pm on Sep 21, 2011 (gmt 0)
To prevent SQL injection and XSS attacks, you might add something like this:
$str = strip_tags($str);
$str = preg_replace("/[':&#()]/","",$str);
It is probably not a complete list, but it's a start. I'd love to see somebody tell me how to improve it.
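An added example, not part of the post above: the same inputs run through the posted filter and through context-specific handling, that is, a bound parameter for the SQL query and htmlspecialchars() at output time. It assumes PHP 7+ with the pdo_sqlite extension; the helper names, the users table and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not from the original post. Assumes PHP 7+ with pdo_sqlite.
// Table, column and function names are hypothetical, made up for this demo.

// The filter from the post, wrapped in a helper so it can be compared.
function blacklist_filter(string $str): string {
    $str = strip_tags($str);
    return preg_replace("/[':&#()]/", "", $str);
}

// SQL context: bind the value as a parameter so it is never parsed as SQL.
function find_user(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HTML context: encode at output time, both quote styles, explicit charset.
function html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
// The stored name keeps its apostrophe and parentheses unchanged.
$db->prepare('INSERT INTO users (name) VALUES (?)')->execute(["O'Brien (admin)"]);

// Constructed sample inputs: a legitimate name, text with double quotes
// and markup, and text with an ampersand and a hash sign.
$inputs = ["O'Brien (admin)", 'say "hi" <b>now</b>', 'AT&T #1'];

foreach ($inputs as $raw) {
    echo "raw:       " . $raw . "\n";
    // The blacklist changes legitimate data and leaves double quotes in place.
    echo "blacklist: " . blacklist_filter($raw) . "\n";
    // Encoding keeps the data intact and renders it as text in HTML.
    echo "encoded:   " . html($raw) . "\n";
    // The lookup uses the raw value; binding keeps it out of the SQL grammar.
    echo "db rows:   " . count(find_user($db, $raw)) . "\n\n";
}
```

Run it with the PHP command-line interpreter; the data is stored and queried unmodified, and encoding is applied only at the point where a value is written into HTML.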