I'm having a html form and pass input from text fields via php to a sql database server. I want to filter all special characters that could be a problem like "?" or "!" etc, and also all special characters that might be a security problem for the sql server like ";", without restricting the user too much. So I wonder what special character I have to filter out? Any comments/ideas?