Because I have several TEXT fields in my MySQL database, I need to know how to validate that only alphanumeric characters have been entered -- as this data will be echoed back to the user upon completion of the form.

Therefore, I need to prevent any malicious text from being entered into the form (SSIs, HTML formatting, etc.)

Is there any way to do this?

So far, I've only been referred to addslashes(). I've managed to use the following function:

function validate_text($text) {
$text = addslashes($text);
return ($text); }

.
.
.
$input_text = validate_text($input text);

But this only escapes single and double quotes with the slash. URLs, SSI statements, etc. remain untouched.

Can anyone advise please?