XSS, CSS Prevention

Hi,
I am trying to code a registration script in PHP & Iam even using preg_match & strip_tags, & other such security measures.Someone told me that I should filter metacharacters from user input. Iam using the preg_match for that purpose so that I can disallow or reject unacceptable data. Iam only allowing only numbers, alphabets & space. But still this concerns me. Can anyone please tell me a proper way in the form of the code?

Thank you in advance.