How To Remove All Characters from Variable Other Then Letters & Numbers?

[phpBeginner06]

I have a variable called "$Comments" and I need it to only allow letters and numbers in it. I have a form that sends its data to database and then on another page I display the data. On that page; I have a "mailto" link that has the variable "$Comments" in it. The problem I am having is if someone uses other characters, other then letters & number; it messes up my "mailto" link. I also have a "Delete" link on that page; that will delete the record from my datatable. It is also non-functional when characters other then letters & number are sent to the "$Comments" variable, because it also contains the "$Comments" variable. How can I remove all characters other then letters or numbers from a varaible? I have been searching and saw a few examples with "preg_replace"; but I could not get it to work (might have been coding it wrong). Anyone know what to do for this and how to implement it?

The code below is in the page that I use to send my form data. I think I could use "preg_replace" or something else in this page, but I am not sure.

[code]<script>
function noName()
{
alert("Please Enter Your Name");
history.go(-1);
}
function noEmail()
{
alert("Please Enter Your Email Address");
history.go(-1);
}
function noValid()
{
alert("Please Enter A Valid Email Address");
history.go(-1);
}
function noComments()
{
alert("Please Enter Your Comments");
history.go(-1);
}
function checkedout()
{
alert("Thank You For Contacting Us");
document.location="01-05-07.html";
}
</script>
</head><body>
<?php

// Receiving variables
@$Name = addslashes($_POST['Name']);
@$Email = addslashes($_POST['Email']);
@$Phone = addslashes($_POST['Phone']);
@$Comments = stripslashes($_POST['Comments']);
$dated = date("m/d/Y");
$timed = date("g:i a", time()-(18000*1));


// Validation
if (strlen($Name) == 0 )
{
echo "<script> window.onload=function() { noName() } </script>";
exit;
}

if (strlen($Email) == 0 )
{
echo "<script> window.onload=function() { noEmail() } </script>";
exit;
}

if (! ereg('[A-Za-z0-9_-]+\@[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+', $Email))
{
echo "<script> window.onload=function() { noValid() } </script>";
exit;
}

if (strlen($Comments) == 0 )
{
echo "<script> window.onload=function() { noComments() } </script>";
exit;
}

//Sending Email to form owner

$db_host = "localhost";
$db_user = "username";
$db_pwd = "password";
$db_name = "CustomerEmails";
mysql_connect($db_host, $db_user, $db_pwd);
mysql_select_db($db_name);

mysql_query("INSERT INTO `messeges` (Date, Time, Name, Email, Phone, Comments) VALUES ('$dated', '$timed', '$Name', '$Email', '$Phone', '$Comments')");


echo "<script> window.onload=function() { checkedout() } </script>";

?>
[/code]

[fert]

[code]
$Comment=str_replace("$","",$Comment);
$Comment=str_replace("#","",$Comment);
/*etc*/
[/code]

[roopurt18]

If you only want it to be an alphanumeric field, use a regexp and preg_match to force the user to only enter that type of data.

[code]<?php
if(!preg_match('/^[a-zA-Z0-9\s]*$/', $_POST['Comments'])){
  echo "Invalid comments!";
  DisplayForm();
}
?>[/code]

I went from memory so the parameters to preg_match might be in the wrong order.

[phpBeginner06]

Thanks For The Help roopurt18 and fert. I got the preg_match to work out great.