what would be the best way to escape urls and make sure its clean without any cross scripting?

i was thinking including a genric file which would preg_match the url and redirect to an error page with anything that contained script or location.

or

another way would be to use $_SERVER['REQUEST_URI']

OR DO YOU GUYS HAVE A BETTER WAY?

THANKS.