Validating a web form in PHP
Note that you should proceed to validate the resulting numbers as well.
As you see, this is not only beneficial for security, but it also allows you to accept and use a wider range of valid user input.
However, there are bad, good and "best" approaches.
Often the best approach is the simplest in terms of code.
It can take upwards of 90 regular expressions (see the CSS Cheat Sheet in the Development Guide 2.0) to eliminate known malicious software, and each regex needs to be run over every field. Just rejecting "current known bad" (which is at the time of writing hundreds of strings and literally millions of combinations) is insufficient if the input is a string.
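The contrast described above, as an added example that is not code from the original page: a "known bad" check beside an accept-known-good validator, including a field that is sanitised first and then has the resulting number validated. The field names, limits, denylist entries and sample input are assumptions constructed for illustration.

```php
<?php
// Weak: reject "current known bad". Anything missing from the list gets through.
function denylist_ok(string $value): bool
{
    $knownBad = ['<script', 'javascript:', 'onerror=']; // constructed, never complete
    foreach ($knownBad as $needle) {
        if (stripos($value, $needle) !== false) {
            return false;
        }
    }
    return true;
}

// Stronger: accept only what each field is defined to contain.
function validate_form(array $in): array
{
    $clean = [];
    $errors = [];

    // Allowlist pattern; \A and \z anchor the whole value (no trailing newline).
    $name = is_string($in['username'] ?? null) ? $in['username'] : '';
    if (preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) === 1) {
        $clean['username'] = $name;
    } else {
        $errors['username'] = 'Use 3-20 letters, digits or underscores.';
    }

    // Typed check with a range; arrays and non-numeric strings yield false.
    $age = filter_var($in['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age !== false) {
        $clean['age'] = $age;
    } else {
        $errors['age'] = 'Enter a whole number from 13 to 120.';
    }

    // Sanitise first (accepts "(555) 010-1234", "555.010.1234", ...),
    // then validate the resulting number as well.
    $phone = is_string($in['phone'] ?? null) ? $in['phone'] : '';
    $digits = (string) preg_replace('/\D+/', '', $phone);
    if (strlen($digits) === 10) {
        $clean['phone'] = $digits;
    } else {
        $errors['phone'] = 'Enter a 10-digit phone number.';
    }

    return [$clean, $errors];
}

// Constructed input: the markup in "username" is not on the denylist.
$sample = ['username' => 'bob<b>', 'age' => '34', 'phone' => '(555) 010-1234'];
var_dump(denylist_ok($sample['username']));
print_r(validate_form($sample));
```

Only values that end up in the returned `$clean` array should be used by the rest of the application; output encoding is still needed wherever they are rendered.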