On my website I have a comment section. I want to filter and validate the input before I store it in my database. If there are any invalid characters in the input, the user gets a notice that the input is invalid.
My question: which characters are not allowed? E.g. I want to avoid SQL injections.
Tags are not allowed. How do I check that?
If you are using Zend_Db and parameterised queries (i.e. $adapter->insert($tableName, array('param' => 'value'))) then it will automagically escape everything for you.
If however you want to further validate the user input, have a look at Zend_Validate and Zend_Filter.
Also, if by "tags" you mean HTML tags, I wouldn't do anything to those on input, but do make sure you properly escape / strip them on output (have a look at htmlspecialchars()).
If you want to display an error message if the input contains HTML tags, and assuming $comment is the comment body, you could try:
if(strip_tags($comment) !== $comment) {
// It seems it contained some html tags
}
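The three points of the answer above (parameterised insert, tag detection on input, escaping on output) put together in one runnable script. This is an added example, not code from the original answer. It uses plain PDO with an in-memory SQLite database so it runs offline; Zend_Db's Pdo adapters wrap PDO, so the same prepared-statement pattern applies there. The table name, column name and sample comments are constructed for the example.

```php
<?php
// Added example (not from the original answer): parameterised insert,
// tag detection on input and escaping on output, using plain PDO with an
// in-memory SQLite database. The table, column and inputs are constructed.

// Detect HTML tags the way the answer suggests: strip_tags() removes
// anything tag-like, so any difference means the input contained a tag.
function containsHtmlTags($comment) {
    return strip_tags($comment) !== $comment;
}

// Escape for display inside HTML text or attribute values.
function escapeForHtml($text) {
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample inputs: a normal comment with a quote, an
// SQL-injection attempt, and a comment containing HTML tags.
$samples = array(
    "Nice post, O'Reilly style quotes are fine",
    "x'); DROP TABLE comments; --",
    "<script>alert(1)</script> hello",
);

$insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');

foreach ($samples as $comment) {
    if (containsHtmlTags($comment)) {
        // Reject on input, as the question asks; escape before echoing it back.
        echo "Rejected (contains HTML tags): " . escapeForHtml($comment) . "\n";
        continue;
    }
    // The value is bound, never concatenated into the SQL string, so the
    // quote and the "DROP TABLE" text are stored as literal characters.
    $insert->execute(array(':body' => $comment));
}

// Read back and escape on output, the stage where stored text would
// otherwise be interpreted as markup by the browser.
foreach ($db->query('SELECT id, body FROM comments ORDER BY id') as $row) {
    echo '<p id="c' . (int) $row['id'] . '">' . escapeForHtml($row['body']) . "</p>\n";
}
```

Run it with `php` from the command line: the first two samples end up in the table unchanged (the injection attempt is stored as text, the table survives), and the third is rejected by the strip_tags() comparison before it is stored.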