I am working on a form with the possibility for the user to use illegal/special characters in the string that is to be submitted to the database.
Users can go a lot beyond that, actually.
I want to escape/negate these characters in the string and have been using htmlspecialchars(). However, I would like to know if there is a better/faster method.
Use HTML Purifier:
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist.
and decide for yourself :)
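To make the comparison concrete, here is an added example (not part of the original answer, and not code from the HTML Purifier project) that stores the raw string with a bound parameter and then renders it once with htmlspecialchars() and once with HTML Purifier. It assumes HTML Purifier was installed through Composer (ezyang/htmlpurifier) and that pdo_sqlite is available; the `comments` table, the allowlist and the sample input are constructed for illustration.

```php
<?php
// Added example. Assumptions: Composer autoloader with ezyang/htmlpurifier,
// pdo_sqlite enabled; table name and input below are constructed samples.
require __DIR__ . '/vendor/autoload.php';

// Constructed input: harmless markup, a script element, and a single quote.
$input = "<b>O'Reilly</b> says hi<script>alert(1)</script>";

// 1. Storage: bind the raw value as a parameter. HTML escaping is not a
//    database defence, so nothing is encoded before the INSERT.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');
$stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $input]);
$stored = $pdo->query('SELECT body FROM comments')->fetchColumn();

// 2a. Output where no markup is wanted: encode everything, including both
//     quote styles, so the browser shows the tags as literal text.
$asText = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// 2b. Output where some markup must survive: filter against an allowlist.
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', 'b,i,em,strong,p,a[href]');
$config->set('Cache.DefinitionImpl', null); // skip the on-disk cache in this demo
$purifier = new HTMLPurifier($config);
$asHtml = $purifier->purify($stored);

echo "htmlspecialchars: ", $asText, PHP_EOL;
echo "HTML Purifier:    ", $asHtml, PHP_EOL;
```

htmlspecialchars() is the cheaper call and is enough when the field is displayed as plain text; HTML Purifier is only needed when users are allowed to submit markup that has to be rendered.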