Secure Processing - User Input Validation

[tacnev]

Hi all,

I've found this site during searching google for my security questions.
One of the biggest problem in web programming is securiy. There are lots of "to-do's" but sometimes we can miss the simple points.

I am working on a link manager project which will be usable by public.

I decided to implement "limit the allowed characters" method for protection. For example;

I am using [code]$string = eregi_replace('[^a-zA-Z0-9]','',$string);
return $string;[/code]for parsing and cleaning user inputs.

But the problem is parsing and inserting the user provided url's to db ...
How should i handle user urls ?

I am redirecting users with this frame setup;
[code]<frame name="main" src="<?=$url;?>" scrolling="auto">[/code]

Any idea ?
Thanks