I think that would probably be overkill and might prove annoying for your users. Besides that, it would be extremely difficult if not impossible to imagine every possible attack and devise a regex to stop it. I use regexes on file upload fields (for obvious security reasons) and sometimes on email or URL fields (just to prevent people from omitting the "http://" for example). But, IMHO, one of the advantages of using a script like DBManSQL instead of a custom-written script that might be more precisely designed to suit your needs, is that the guys at GT have much more experience than you or I with Perl and security issues. Perhaps I'm just being naive, but I'm inclined to trust that all but the most obscure or sophisticated security holes have been plugged by GT before you ever download the script.
Now, I'm assuming that the content in your database is relatively mundane/innocuous. Obviously if you're dealing with highly sensitive or valuable information (e.g. cc numbers, medical records, etc.), then you should get advice from a real security expert and not just some second-rate script hack like me. =)
Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund