views: 48

answers: 2

Hello,

For some important reasons I can't use the standard methods provided by ZF to prevent SQL injection. I have just written this (and I am using it on each POST/GET value from the user):

$filter = new Zend_Filter_PregReplace();
$filter->setMatchPattern(array("/[';`]/"))
       ->setReplacement(array(''));

I am using MySQL database only. Is it enough? Is it secure now?

+3  A: 

Never do stuff like this using regular expressions. If you can't use Zend's database methods, use whatever sanitation the database library offers you. For MySQL's procedural wrapper, it would be mysql_real_escape_string(). For PDO, parameterized queries will take care of it automatically. And so on.

That said, I really don't understand why this is necessary in the first place. Why can't you use what the framework offers? I bet there is a better workaround than doing sanitation on your own.

Pekka
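A worked example of the advice above, added here and not part of Pekka's answer or of Zend Framework itself: the same kind of user lookup the question is trying to protect, written with PDO prepared statements so the driver, not a regex, keeps SQL and data apart. The `users` table, DSN and credentials are assumptions.

```php
<?php
// Added example (not from the question or answers). Assumed schema:
// a `users` table with `id`, `username`, `email`.

function connect(): PDO
{
    // Assumed DSN and credentials. ATTR_EMULATE_PREPARES=false makes MySQL
    // do real server-side parameter binding instead of client-side quoting.
    return new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// String parameter: the input is bound as a value and never concatenated
// into the SQL text. A name such as "O'Brien" is stored and matched as-is;
// the regex filter from the question would silently turn it into "OBrien".
function findUserByName(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE username = :name');
    $stmt->bindValue(':name', $username, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Integer parameter: stripping ' ; ` says nothing about whether a value is
// a valid id. Validate the shape first, then bind it with PDO::PARAM_INT.
function findUserById(PDO $pdo, string $rawId): ?array
{
    if (!ctype_digit($rawId)) {
        return null;                        // reject before touching the database
    }
    $stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

$pdo = connect();
var_dump(findUserByName($pdo, $_GET['name'] ?? ''));
var_dump(findUserById($pdo, $_GET['id'] ?? ''));
```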
A: 

You really should use the sanitization provided by the framework - Zend (PDO, ORM). If you don't, there is probably something already going wrong.

There are so many ways to inject malicious code that, to exclude all of them, you will have to find or roll your own framework of some kind to be safe.

takeshin