function RemoveXSS - tweak to allow hyphens or spaces?

Question

The website I code on has a function applied that prevents all non-printable characters. http://pastebin.com/FemaR8s0 < This is the version we have. This prevents hyphens and spaces from being allowed in a name field and I was wondering if there was a way to modify the function to allow hyphens in the name field? It works if you change the name in the database, of course, but not when you try and log in or use the name on the site... Any help would be greatly appreciated!

Answer 1

Stop using hand-crafted XSS/SQL injection filters. This function is an accident waiting to happen. Replace it with HTML Purifier and you'll be more secure and appropriate uses of hyphens and spaces will work just fine.