Cleaning input enough?

Input validation is known issue, but writing some PHP-code today let me write the following and I’m wondering if I forgot something. It is only to make sure no cleansed variable will enter a switch statement for example.

7
8
9
10
11
12
13
14
15
  if (isset($_POST['action'])) 
    if (strlen(preg_replace("/[^a-zA-Z0-9-]/i","",$_POST['action'])) == 0)
      $page_action = $_POST['action'];
    else
      $page_action = '';
  else
    $page_action = '';
 
  switch ($page_action) {

For now I need to check the code that no $_POST variable is entering the code unchecked before I put the code online. This also include variables for SQL-statements to eliminate SQL-injections.