Forum Moderators: coopster

quicker way of doing this with array

         

jackvull

12:03 pm on Nov 17, 2005 (gmt 0)

10+ Year Member



I have a function on my site to remove any of the following characters from forms. This is for security to prevent SQL injection, access to the command line, etc.
I'm sure there is a more efficient way of doing this by adding all the forbidden characters to an array but at the moment I have:
function userInput ($string) {

//Removing anything from the filename string that contains the following characters:
$string = str_replace(';', '', $string); //security
$string = str_replace('#', '', $string); //security
$string = str_replace('=', '', $string); //SQL injection
$string = str_replace('<', '', $string); //SQL injection
$string = str_replace('>', '', $string); //SQL injection
$string = str_replace('"', '', $string); //SQL injection
$string = str_replace('\'', '', $string); //SQL injection
$string = str_replace('%', '', $string); //SQL injection

return $string;

} //end function

Can I do this with just 1 str_replace line of code?
Thanks.

coopster

12:18 pm on Nov 17, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Have you read through the examples on the PHP manual page for the str_replace() [php.net] function? There is an example showing exactly how to do this with an array ;-)

jackvull

10:12 am on Nov 18, 2005 (gmt 0)

10+ Year Member



Works fine. What I also meant was: is it quicker than doing a replace line by line?
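
An added example, not code from the thread or from the PHP manual: the poster's character list removed in a single str_replace() call using an array, checked and roughly timed against the one-character-per-call form, followed by a PDO prepared statement that keeps input out of the SQL text without stripping anything. The function names, the members table and the sample strings are constructed for illustration, and the PDO part assumes the pdo_sqlite extension is available.

```php
<?php
// The character list from the original post (names below are constructed).
const FORBIDDEN = [';', '#', '=', '<', '>', '"', "'", '%'];

// One call: str_replace() accepts an array of search strings.
function userInputArray(string $string): string
{
    return str_replace(FORBIDDEN, '', $string);
}

// One str_replace() call per character, as in the original post.
function userInputLoop(string $string): string
{
    foreach (FORBIDDEN as $char) {
        $string = str_replace($char, '', $string);
    }
    return $string;
}

// Constructed sample input: a legitimate surname and a comment with punctuation.
$samples = ["O'Brien", 'Discount = 10%; see <b>terms</b> #3'];

foreach ($samples as $s) {
    if (userInputArray($s) !== userInputLoop($s)) {
        throw new RuntimeException('the two forms disagree');
    }
    printf("%-38s -> %s\n", $s, userInputArray($s));
}

// Rough timing of both forms over the same input (hrtime() needs PHP 7.3+).
foreach (['userInputArray', 'userInputLoop'] as $fn) {
    $start = hrtime(true);
    for ($i = 0; $i < 100000; $i++) {
        $fn($samples[1]);
    }
    printf("%s: %.1f ms\n", $fn, (hrtime(true) - $start) / 1e6);
}

// Bound parameters are sent separately from the SQL text, so nothing is stripped.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (name TEXT)');
$insert = $pdo->prepare('INSERT INTO members (name) VALUES (:name)');
$insert->execute([':name' => $samples[0]]);

// The surname is stored and matched with its apostrophe intact.
$select = $pdo->prepare('SELECT name FROM members WHERE name = :name');
$select->execute([':name' => $samples[0]]);
echo $select->fetchColumn(), "\n";
```

The first loop shows that the filter also alters legitimate values such as the surname, which the prepared statement stores unchanged.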