Sanitize User Input Text with PHP

When you prompt a user for text input (e.g. username, last name, etc.), you can use regular expressions to validate the input and reject anything outside the allowed character set, for example:

Allow space and any Unicode letter:

// \040 is the octal escape for a space, \pL matches any Unicode letter;
// the /u modifier makes the pattern operate on UTF-8 characters, not bytes.
// The negated class matches the first character that is NOT allowed.
if (preg_match("/[^\040\pL]/u", $term)) {
        die('invalid characters');
}

Allow space, any Unicode letter and digit, underscore and dash:

// \pN matches any Unicode digit; "_" and "-" are literal (the dash is last
// in the class so it is not read as a range).
if (preg_match("/[^\040\pL\pN_-]/u", $term)) {
        die('invalid characters');
}

Never trust user input; this is how SQL injection and other injection attacks are avoided. Use prepared statements when you insert user data into the database, but the first step is to validate (sanitize) the user input.
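Putting the second pattern to work, as an added example that is not from the original post: a validation helper that also handles the case where preg_match returns false on malformed UTF-8 (a plain truthiness test would let such input through), followed by a PDO prepared statement. It assumes PHP 8 with the pdo_sqlite and mbstring extensions; the users table and its columns are hypothetical.

```php
<?php
// Added example, not code from the original post. Assumes PHP 8 with
// pdo_sqlite and mbstring; the `users` table and column names are hypothetical.
declare(strict_types=1);

/** Returns null when $term is acceptable, otherwise a short reason string. */
function validateUsername(string $term, int $maxLen = 32): ?string
{
    $term = trim($term);
    if ($term === '' || mb_strlen($term, 'UTF-8') > $maxLen) {
        return 'length';
    }
    // Allow only space, Unicode letters, Unicode digits, "_" and "-".
    $rc = preg_match('/[^\040\pL\pN_-]/u', $term);
    // With /u, preg_match returns false on malformed UTF-8 and 1 when a
    // disallowed character is found; only 0 (no match) means the string is
    // clean. A truthiness test (if (preg_match(...))) treats false like 0 and
    // would accept malformed UTF-8, so compare against 0 explicitly.
    if ($rc !== 0) {
        return $rc === false ? 'malformed utf-8' : 'invalid characters';
    }
    return null;
}

/** Validates, then inserts with a bound parameter so the value is never parsed as SQL. */
function storeUsername(PDO $db, string $term): bool
{
    if (validateUsername($term) !== null) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO users (username) VALUES (:name)');
    return $stmt->execute([':name' => trim($term)]);
}

// Constructed sample inputs: [input, expected reason or null].
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$cases = [
    ['José Müller', null],
    ['user_01-x', null],
    ["Robert'; --", 'invalid characters'],   // quote and comment characters
    ["ok\xC3", 'malformed utf-8'],           // truncated multi-byte sequence
    [str_repeat('a', 40), 'length'],
];
foreach ($cases as [$input, $expected]) {
    $got = validateUsername($input);
    printf("%-24s => %s\n", rawurlencode($input), $got ?? 'ok');
    assert($got === $expected);
    storeUsername($db, $input);
}
echo 'rows stored: ' . $db->query('SELECT COUNT(*) FROM users')->fetchColumn() . "\n";
```

Only the two clean inputs reach the table; the other three are rejected before any SQL is built, and the bound parameter keeps the stored value from ever being interpreted as SQL.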

References

Regular expressions (regex)