spoofedform.php

<html>
Spoofed Form Security
<form action="receive.php" method="POST">
Nama:
<input type= "textbox" name="nama"></br>
Warna Favorit: <select name="color">
<option value="red">red</option>
<option value="green">green</option>
<option value="blue">blue</option>
</select>
<input type="submit">
</form>

receive.php

<?php

$nama = isset($_POST['nama']) ? $_POST ['nama'] : '';
$color =  isset($_POST['color']) ? $_POST ['color'] : '';

// escape output

$newnama = htmlspecialchars($nama, ENT_QUOTES);
$newcolor =  htmlspecialchars($color, ENT_QUOTES);

// filter input

$newnama = RemoveBad($newnama);
$newcolor = RemoveBad($newcolor);

function RemoveBad($strTemp) { 
    $strTemp = preg_replace('/<|>|\||%|;|\(|\)|&|\+|-/i', '', $strTemp);
    return $strTemp;
} 

?>

It works already. I would like to filter out more symbols form the name input such as : $ and @

how? what should I add next to i ?

Try,

$strTemp = preg_replace('/<|>|\||%|;|\(|\)|&|\+|-|:|\x24|@/i', '', $strTemp);

NOTE: \x24 will replace $ sign