If you are using regular expressions you will want to filter out these characters from strings which may be used by hackers to change the meaning of your regular expressions when input is passed into them:
\, *, +, ?, , {, [, (,), ^, $,., #, and white space