I see a lot of questions on here regarding MySQL, but what about when using OCI?

Is the simplest method to create a function that strips all characters from a string except for A-Z 0-9 and run the $_POST through it?

May I have an example?

Code

<?php

include("core/connection.php");

if (!empty($_POST)) {

  $stid = oci_parse($conn, "SELECT CustomerNo FROM Customers WHERE Username = '" . $_POST['username'] . "' AND Password = '" . $_POST['password'] . "'");
  oci_execute($stid);

  $count = oci_fetch_all($stid, $res);
  if ($count > 0) { 

    session_start();
    $row = oci_fetch_array($stid, OCI_NUM);
    $_SESSION['account'] = $row['0'];
    header("Location: index.php"); 

  }

  oci_free_statement($stid);
  oci_close($conn);

}

?>