in reply to Re: Untainting name data from form
in thread Untainting name data from form

If you just need to untaint the data you could use a much simpler regex that just scrubs potentially unsafe characters like backticks, ampersands, pipes and such.

I am fairly strict about adherence to some basic pragmas with regard to the handling of data and taint mode. While I am fairly sure you are aware of this already, sauoq, I thought that it would be pertinent to point out for other readers that the regular expression should match only allowed characters and exclude everything else (rather than attempting to match and scrub nasty characters). This approach provides for a tighter regime for the acceptance of user-supplied information and allows your code to catch potentially nasty input down the track which may not have been anticipated or expected when the code was written.
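
The difference between the two approaches discussed above, as an added example that is not code from either poster. The permitted character class, the 64-character limit, the function names and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_name.pl   (the file name is arbitrary)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Allow-list: accept only when the ENTIRE value matches the permitted set.
# \A and \z anchor the whole string; \z (unlike $) rejects a trailing newline.
# The character class and length limit are assumptions for this example.
sub untaint_allow {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z][A-Za-z' .-]{0,63})\z/ ? $1 : undef;
}

# Deny-list: strip a few known-bad characters, then untaint whatever is left.
# Anything the author did not think of (here ';' and newline) passes through.
sub untaint_deny {
    my ($raw) = @_;
    return unless defined $raw;
    (my $scrubbed = $raw) =~ s/[`&|]//g;
    return $scrubbed =~ /\A(.*)\z/s ? $1 : undef;
}

# Make control characters visible when printing results.
sub show {
    my ($v) = @_;
    return 'REJECTED' unless defined $v;
    (my $s = $v) =~ s/\n/\\n/g;
    return "'$s'";
}

my $TAINT = substr($^X, 0, 0);    # zero-length tainted string under -T

# Constructed sample inputs standing in for form data.
my @samples = ("O'Brien", "Anne-Marie Smith", "bob`id`", "eve; echo hi", "mallory\n");

for my $s (@samples) {
    my $in = $s . $TAINT;         # now tainted, like a real form parameter
    printf "%-20s tainted=%d  allow=%-20s deny=%s\n",
        show($s), (tainted($in) ? 1 : 0),
        show(untaint_allow($in)), show(untaint_deny($in));
}
```

The two legitimate names pass both routines. The other three are rejected by the allow-list, while the deny-list returns them as untainted strings with the semicolon and the newline still in place.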