MYSQL \ PHP Strip characters from user input

08 Jan 2008 16:44:28 DAVID KNIGHT posted:
I have an HTML document which posts to a PHP script which inserts the posted data into a MySQL database.

I need to strip out all characters as follows:

1. To only permit 0-9 and a-z in certain fields (GENERAL TEXT FIELD)

2. To only permit 0-9, a-z, the . and the @ symbol in certain fields (EMAIL ADDRESS)

3. To only permit 0-9, a-z, the : \ symbols in certain fields (WEBSITE ADDRESS)

There's so many different ways of doing this and so many commands, I am totally confused.

I'm trying to ensure the user inputs correct values and also to protect against SQL injection attacks.

Can anyone help?

Replies

15 Jan 2008 16:21:52 Roddy Dairion replied:
I would recommend you use JavaScript instead of PHP to validate a form.
19 Jan 2008 14:01:28 Alan C replied:
Hi David,
I agree with Roddy - what I do (offered as a suggestion, not the only way):

JavaScript on the page to examine the email address that is input and all the other fields, so you can only submit the information once it is satisfactory - that means that the user never gets to send it until it has passed all the validation. Then when it gets to the server, do it all again - yes, do it all again. There are some people out there who will have automated attacks (am I just paranoid?) and try to get around your checks.
Then and only then use PHP to change things - obvious stuff that will make life easier - make postcodes upper case before you store them, then they will always show upper case and print, it looks better.
Change first character of addresses to upper case
Make emails all lower case
Etc

PHP has some great functions for doing this and you build them into functions, or if you are using DW you can hack its code

Hope that helps
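
The server-side half of what this thread describes, as an added example that is not code from any of the posters: the three allowlists from the question are applied in PHP, and the result is stored through a parameterised query so the SQL stays safe regardless of which characters a field admits. The names `ALLOWED`, `clean_field()` and the `contacts` table are hypothetical, the `$post` values are constructed, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Allowlists as listed in the question; each pattern matches what must go.
// Note the website set has no '.' or '/', so extend it before using it on
// real URLs.
const ALLOWED = [
    'text'    => '/[^0-9a-z]/i',       // 0-9, a-z
    'email'   => '/[^0-9a-z.@]/i',     // plus . and @
    'website' => '/[^0-9a-z:\\\\]/i',  // plus : and \
];

// Strip every character outside the allowlist for this field type.
function clean_field(string $type, string $value): string
{
    if (!array_key_exists($type, ALLOWED)) {
        throw new InvalidArgumentException("unknown field type: $type");
    }
    return (string) preg_replace(ALLOWED[$type], '', $value);
}

// Constructed sample input, shaped like $_POST from the HTML form.
$post = [
    'name'    => "O'Brien 42!",
    'email'   => ' Bob@Example.com <b>',
    'website' => 'http:\\example',
];

// Assumption: SQLite in memory instead of MySQL. With MySQL you would pass
// a mysql: DSN and credentials to PDO; the statements below stay the same.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (name TEXT, email TEXT, website TEXT)');

$row = [
    ':name'    => clean_field('text', $post['name']),
    ':email'   => strtolower(clean_field('email', $post['email'])),
    ':website' => clean_field('website', $post['website']),
];

// Placeholders keep the values out of the SQL text, so the query does not
// depend on the stripping step having removed quotes or other punctuation.
$stmt = $db->prepare(
    'INSERT INTO contacts (name, email, website) VALUES (:name, :email, :website)'
);
$stmt->execute($row);

print_r($db->query('SELECT * FROM contacts')->fetch(PDO::FETCH_ASSOC));
```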
