I am trying to figure out the most secure way to sanitize user input - I am using PEAR's HTML_QuickForm.

Options are:
- write my own sanitize function and incorporate it with QuickForm by adding a rule
- use a built-in function like alphanumeric to filter out any suspicious characters
- customize the built-in function regex to filter out any suspicious characters
- use DB_common::quoteSmart()

Your thoughts are MUCH appreciated!