Dude, I've explained this to you already. The problem is simple:
- you need advanced validation which no one can pass? go with regular expressions then (after cleaning the input of malicious code);
- you don't need validation, and you wish to take any input? then use htmlspecialchars and you'll probably end up with garbage instead of a hack.

As I've said before, it only prevents bad things to happen in most cases, but doesn't provide you with validation techniques or such.

__________________