The issue: Validating user input is a nasty task.
The solution: use ext/filter oder ext/ctype
<?php
var_dump( ctype_alnum( 'foobar_42' ) );
var_dump( ctype_alnum( 'Bad Characters $%&/' ) );
var_dump(filter_data('bob@example.com', FILTER_VALIDATE_EMAIL));
var_dump(filter_data('example.com', FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED));
Output
bool(false)
bool(false)