What are your thoughts on validating a First Name?

I didn't want to allow any value for fear a bad guy could use this as a security exploit. (Although since I am using Prepared Statements, that might be hard to do.)

Here is my current code...
PHP Code:
    // Validate First Name.
    
if (empty($trimmed['firstName'])){
        
$errors['firstName'] = 'Please enter your First Name.';
    }else{
        if (
preg_match('#^[A-Z \'.-]{2,20}$#i'$trimmed['firstName'])){
            
$firstName $trimmed['firstName'];
        }else{
            
$errors['firstName'] = 'First Name must be 2-20 characters (A-Z \' . -)';
        }
    } 
Is this too restrictive?

In the U.S. at least, this should pretty much cover everything...


Debbie