If you need to check that a string is included in another, index will often do both a faster and safer job. You'll need to lc both variables for a case insensitive comparison though.

And when it comes to security with user input, Taint mode is probably what you should rely on, rather than just expecting to never leave a security hole through multiples evolutions and corrections.