$_POST/$_GET checker

[UnDeaD]

я в какойто сборке ив нашел скриптик, решил чуток подправить, интересны коменты касательно сего чуда

//Проверка опасных данных.
$deny_words = array("union","char","delete","drop","TRUNCATE","select","group","order","benchmark","+","null");
foreach($_GET as $_ind => $_val) 
{
    $_GET[$_ind] = mysql_escape_string($_val);

    $exp = explode(" ",$_GET[$_ind]);
    foreach($exp as $ind => $val) 
    {
        if(in_array($val,$deny_words)) 
        {
            $mail = 'gmail.com';
            $headers = "Content-type: text/html; charset=windows-1251\r\n".
                   "From: [email][email protected][/email]\r\n".
                   "Reply-To: [email][email protected][/email]\r\n".
                   "X-Mailer: PHP mailer";
            $ip = getRealIpAddr();
            $subject = '['.$ip.'] $_GET ERROR';
            $body = "
            IP: $ip 

            $val
            ".GetEnv("REQUEST_URI").";
            ";
            mail($mail, $subject, $body, $headers);
            die("pnx plix plox");
        }
        if (!preg_match("/^[0-9А-Яа-яa-zA-Z?=\-. \/&_%#|]{1,100}$/", $val) && $val != '')
        {
            $mail = 'gmail.com';
            $headers = "Content-type: text/html; charset=windows-1251\r\n".
                   "From: [email][email protected][/email]\r\n".
                   "Reply-To: [email][email protected][/email]\r\n".
                   "X-Mailer: PHP mailer";
            $ip = getRealIpAddr();
            $subject = '['.$ip.'] $_GET ERROR / preg_match';
            $body = "
            IP: $ip 

            $val
            ".GetEnv("REQUEST_URI").";
            ";
            mail($mail, $subject, $body, $headers);
            die("Вот здесь \"".GetEnv("REQUEST_URI")."\" разрешено использовать только буквы русского и англ. алфавита, символы ? = - . / & _ % # | ".$val);
        }
    }
}

foreach($_POST as $_ind => $_val) 
{
    $_POST[$_ind] = mysql_escape_string($_val);
    if ($_ind != 'message')
    {
        $exp = explode(" ",$_POST[$_ind]);
        foreach($exp as $ind => $val) 
        {
            if(in_array($val,$deny_words)) 
            {
                $mail = 'gmail.com';
                $headers = "Content-type: text/html; charset=windows-1251\r\n".
                       "From: [email][email protected][/email]\r\n".
                       "Reply-To: [email][email protected][/email]\r\n".
                       "X-Mailer: PHP mailer";
                
                $ip = getRealIpAddr();
                $subject = '['.$ip.'] $_POST ERROR';
                $body = "
                IP: $ip 

                $val
                ";
                mail($mail, $subject, $body, $headers);
                die("pnx plix plox.");
            }
            if (!preg_match("/^[0-9А-Яа-яa-zA-Z?=\-. \/&_%#|]{1,100}$/", $val) && $val != '')
            {
                $mail = 'gmail.com';
                $headers = "Content-type: text/html; charset=windows-1251\r\n".
                       "From: [email][email protected][/email]\r\n".
                       "Reply-To: [email][email protected][/email]\r\n".
                       "X-Mailer: PHP mailer";
                $ip = getRealIpAddr();
                $subject = '['.$ip.'] $_POST ERROR / preg_match';
                $body = "
                IP: $ip 

                $val
                ";
                mail($mail, $subject, $body, $headers);
                die("Разрешено использовать только буквы русского и англ. алфавита, символы ? = - . / & _ % # | ");
            }
        }
    }
}

как вариант

if (!preg_match("/^[0-9А-Яа-яa-zA-Z?=\-. \/&_%#|]{1,100}$/", $val) && $val != '')

можно заменить на прег_реплейс, тоесть обрезать все что не входит в заданый алфавит