[snip] My questions: does this seem adequate? Are there any known attack methods that would be likely to get through these checks? Is it overkill? Might some legitimate inquiries be lost through the security measures? [/snip] I recommend that you go to http://www.shiflett.org and read the many fine articles on preventing injection as well as a truckload of information on security and PHP.