We're letting users search a database from a single text input and I'm having difficulties in filtering some user supplied strings.

For example, if the user submits:

????????? lcd SONY

(Note the ?'s) I need to cancel the search.

I include the base64 encoded version of the above string wrapped up so that its easy run:

print(base64_decode("1MfLxc/RwdPHIGxjZCBTT05Z"));

I've ignored such inputs before but now (am not sure why) just realised the mysql database query is taking nearly forever to execute so this is now on high priority.

Another example to highlight that we are using utf-8 and mb_detect_encoding is not helping much:

print(base64_decode("zqDOm8+Fzr3PhM63z4HOuc6/IM+Bzr/Phc+HzyU="));
????t???? ?????%

So:

• how can I detect/filter these inputs?
• how is this input being generated?