Re: Hacker Proofing My First Script

by jwest (Friar)
in reply to Hacker Proofing My First Script

As an aside, the technique that you've used, scrubbing the data of harmful characters, is known as a negative security model. This means that you're allowing everything, except for the few things that you're explicitly denying.

This is, arguably, a sub-optimal model to follow from a security perspective. Over time, as more creative ways of breaking applications are developed, you may find that a character you didn't account for can be used against you. Similarly, not all of the harmful characters may be known in advance, given a different application.

Most in the security field would argue that a positive security model is a more practical approach. In a positive security model, you deny anything that is not explicitly allowed. Instead of saying that ? should be stripped, for example, you only allow the characters that you know to be legitimate through.

As others have pointed out, there are better approaches still to your problem.


All things are Perfect
    To every last Flaw
    And bound in accord
         With Eris's Law
 - HBT; The Book of Advice, 1:7
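The contrast drawn in the reply above (strip a list of known-bad characters, versus accept only a list of known-good ones), shown side by side in Perl. This is an added example, not code from the original thread or from the poster: the field being validated (a username-like identifier), the allowed character set, and the sample inputs are all constructed assumptions chosen to show where the negative model lets unanticipated characters through.

```perl
#!/usr/bin/perl
# Added example (not from the original post): a negative security model
# (strip known-bad characters) next to a positive one (accept only known-good).
use strict;
use warnings;

# Negative model: remove characters we have thought of as harmful.
# Anything we did not think of passes through untouched.
sub scrub_negative {
    my ($input) = @_;
    (my $clean = $input) =~ s/[;&|<>`\$?]//g;
    return $clean;
}

# Positive model: accept only what we know to be legitimate. Here the
# assumed rule is 1 to 32 ASCII letters, digits, underscores or hyphens;
# anything else is rejected outright rather than "cleaned".
sub validate_positive {
    my ($input) = @_;
    return $input =~ /\A[A-Za-z0-9_-]{1,32}\z/ ? $input : undef;
}

# Render control and non-ASCII bytes as \xNN so the output is readable.
sub printable {
    my ($s) = @_;
    $s =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    return $s;
}

# Constructed sample inputs. The last three contain characters that the
# strip list above never anticipated (newline, parentheses, NUL byte).
my @samples = (
    'alice',
    'bob;ls',
    "carol\n/etc/passwd",
    'dave(whoami)',
    "eve\x00.txt",
);

for my $s (@samples) {
    my $neg = scrub_negative($s);
    my $pos = validate_positive($s);
    printf "%-22s  negative -> %-22s  positive -> %s\n",
        printable($s), printable($neg), defined $pos ? $pos : 'REJECTED';
}
```

Running it shows the point of the reply: the negative model only catches the inputs whose characters happen to be on its list, while the newline, parentheses and NUL byte sail through; the positive model rejects every sample except `alice` without anyone having to predict which characters might matter in some future context.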

