Is there a native PHP function for rejecting invalid $_POST data from simple text fields?

Currently I’m using custom filter functions with regular expressions, and would really like to simplify my code if possible.

For example, let’s say I have a form field for entering a last name. I want to check the submitted value and immediately reject the input if it contains any invalid characters.

Here are my criteria for considering PHP functions:

• A person’s last name might be “Smith-Johnson”, “Van Buren”, “O’Malley”, etc., so the function needs to tolerate spaces, hyphens, apostrophes, etc.

• My goal is to test the input and reject it right away — as opposed to sanitizing it and running it through additional filters and processing steps.

• Two examples of input that I want to catch are:

  username' --
  username; DELETE FROM users;
  

Here are the options I’m aware of and why I have doubts about using them…

1. is_string(): This function doesn’t seem to catch either of the two examples above

2. addslashes(): This function fails the second criterion

3. htmlentities(), htmlspecialchars(): Same as addslashes(); if input is invalid, I don’t want to keep working with it, even if it’s sanitized

4. strip_tags(): Fails the second criterion, but preferred over #3 because it eliminates unwanted characters rather than sanitizing them

5. filter_input(…FILTER_SANITIZE_STRING): As far as I can tell, this is identical to strip_tags(). **

6. ctype_alpha(), ctype_alnum(): Fails the first criteria because it doesn’t allow spaces and other characters.

7. Regex/Custom Functions: This is what I’ve been using. I’d really prefer to simplify my code and eliminate the (albeit minimal) regex overhead.

—

** Just curious: does PECL make filter_input() faster than strip_tags()?