Having trouble with regex

[Tom10]

Hi, ok so basically i have a forum and want to use a character class to detect if someone is trying to post a thread with a malicious title or message like xss, i have already used a regex in the url to filter characters

$url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . '';

if(preg_match("#[^\w\s\b\/\&\?\=\-\.\%\_\[\]]#", $url)) {

	include 'denied.php';

	exit();
}

But i'm wondering how can i do something like this for a page? if that makes sense 

 

All help very much appreciated, i'm not the best at explaining so if something doesn't make sense please ask and i will try to explain in more detail

[Psycho]

You should definitely NOT use RegEx for this. All you need is to use the existing function htmlspecialchars() whenever outputting user defined content to the page. You should also use the ENT_QUOTES flag when using it.