My functions of choice for cleaning up user input are:
$input = mysql_real_escape_string($input);
$input = trim($input);
$input = strip_tags($input);
$input = htmlspecialchars($input);
And then, if I want to disallow certain characters, I just do the following:
$nono = array("=", "{", "}", ";", "[", "]","$","&");
$input = str_replace($nono, "", $input);
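An added example, not part of the original post: the same input handled per context (a bound parameter for the database, `htmlspecialchars` only at output), printed next to the result of the post's `trim`/`strip_tags`/`htmlspecialchars`/`str_replace` steps. It assumes the `pdo_sqlite` extension; the `comments` table, the function names and the sample string are constructed for illustration, and `mysql_real_escape_string` is left out because it needs a live connection from the old mysql extension, which was removed in PHP 7.

```php
<?php
// Constructed sample input; table, column and function names are hypothetical.
$input = "  Tom & Jerry's <b>price</b> = \$5; ok  ";

// The steps from the post, minus mysql_real_escape_string (see lead-in).
function post_style_clean(string $s): string
{
    $s = trim($s);
    $s = strip_tags($s);
    $s = htmlspecialchars($s);
    $nono = array("=", "{", "}", ";", "[", "]", "$", "&");
    return str_replace($nono, "", $s);
}

// SQL context: the value travels as a bound parameter, never as query text.
function store_comment(PDO $db, string $raw): int
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => trim($raw)]);
    return (int) $db->lastInsertId();
}

// HTML context: encode when rendering, so the stored value stays unmodified.
function render_comment(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = (string) $stmt->fetchColumn();
    return htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

$id = store_comment($db, $input);
$stored = $db->query('SELECT body FROM comments')->fetchColumn();

echo "post-style result : ", post_style_clean($input), PHP_EOL;
echo "stored as entered : ", $stored, PHP_EOL;
echo "rendered for HTML : ", render_comment($db, $id), PHP_EOL;
```

In the post-style result the `&` comes out as the literal text `amp`, because the character list removes the `&` and `;` of the `&amp;` entity that `htmlspecialchars` has just produced.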