Using a positive security model (whitelist), sanitize username input for a login form, for example.

clean.py

import re

def is_clean(username):
    # usernames are allowed to have a-zA-Z0-9_.
    # nothing else
    if re.search('[^\w.]', username):
        return False
    else:
        return True