I realize that there are ways to verify data to make sure it fits a format or pattern, but let's say you just want one cleaner to get things started. For instance, we'll deal with whether it's an email address, telephone number, etc, later, we just want to know if it's potentially malicious.

If you ran everything through htmlentities and addslashes (I'm not seeing the difference between htmlentities and htmlspecialchars yet), would that provide you with an at least safe bit of data, if not perfectly formatted?