That doesn't seem reliable, ie

 
$value = " drop           table ";
$value = " drop 
-- fooled ya
table ";
$value = " drop  /* fooled ya */ table ";
[download]

Anyway, AFAIK, the only sane approach is to validate all input , ie Params::Validate, FormValidator::Simple, other validators