>>22
It seems like I did not pay attention to each of the fields carefully. Do you think that removing just quotes prevents this, or do you recommend removing everything except [a-z0-9._-]?

>>24
I am not distributing it. I am publishing it and inviting people to take a look at it.

>>25
Is this article relevant? After all, I am using mysql_real_escape_string(stripslashes()) for each input.