Is this enough to clean all user input before its inserted into the database, or do I need to do more?
function preclean($value) {
if(get_magic_quotes_gpc())
return htmlentities(preg_replace('/[^\w\d\s\'"!&,\.!\?]/i', '', mysql_real_escape_string(str_replace('>', '>', str_replace('<', '<', stripslashes($value))))));
}
