DEV Community

[Comment from a deleted post]
Vincent Milum Jr

Using deny-lists instead of allow-lists is not secure at all. This doesn't cover all SQL commands. On top of that, new syntax can easily bypass these checks. It is better to focus on properly handling data input in a secure way instead. Also, using your method would disrupt processing of normal human text. There are other issues here, too, as it looks like you're replacing non-alphanumerics with underscore, which would absolutely break non-english characters.
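The points in this comment, as an added example that is not code from the original post or from either commenter. `strip_keywords` and `denylist_sanitize` are a hypothetical reconstruction of the kind of filter being criticized (a short, assumed `DENY_WORDS` list followed by replacing every non-alphanumeric character with an underscore); the table, names and injection payload are constructed for the example. It shows a one-pass keyword filter being bypassed by nested syntax, normal and non-English text being mangled, and a parameterized query storing the same text intact while rejecting the payload.

```python
"""Deny-list sanitizer versus parameterized query (added example, sqlite3)."""
import re
import sqlite3

# Hypothetical deny-list. Real filters of this kind are longer but still finite.
DENY_WORDS = ("select", "insert", "update", "delete", "drop", "union", "--", ";")


def strip_keywords(value: str) -> str:
    """Hypothetical deny-list stage: remove each listed token once, left to right.
    A single pass means 'SELSELECTECT' collapses to 'SELECT' after filtering."""
    for word in DENY_WORDS:
        value = re.sub(re.escape(word), "", value, flags=re.IGNORECASE)
    return value


def denylist_sanitize(value: str) -> str:
    """Hypothetical sanitizer: deny-list stage, then replace every character that
    is not ASCII alphanumeric with '_'. Apostrophes, spaces and any non-English
    letter are destroyed, so 'Zoë O'Brien' no longer survives the round trip."""
    return re.sub(r"[^a-zA-Z0-9]", "_", strip_keywords(value))


def setup_db() -> sqlite3.Connection:
    """In-memory table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: user input is concatenated into the SQL text."""
    sql = f"SELECT name FROM users WHERE name = '{name}' ORDER BY id"
    return [row[0] for row in conn.execute(sql).fetchall()]


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Safe: the value travels as a bound parameter, never as SQL syntax,
    so no sanitizing of the input is needed and no characters are lost."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,)).fetchall()]


def store_and_fetch(conn: sqlite3.Connection, name: str) -> list:
    """Round-trip an arbitrary string through parameterized INSERT and SELECT."""
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    return find_user_safe(conn, name)


if __name__ == "__main__":
    conn = setup_db()
    payload = "' OR '1'='1"  # constructed classic tautology payload
    print("one-pass filter bypass:", strip_keywords("SELSELECTECT * FROM users"))
    print("ATTACH not in the list:", strip_keywords("ATTACH DATABASE 'x' AS y"))
    print("sanitizer mangles text:", denylist_sanitize("Zoë O'Brien"))
    print("concatenated query    :", find_user_unsafe(conn, payload))
    print("parameterized query   :", find_user_safe(conn, payload))
    print("intact round trip     :", store_and_fetch(conn, "Zoë O'Brien"))
```

The deny-list functions are deliberately left as the weak pattern so the bypass and the data loss are visible; the fix is `find_user_safe` and `store_and_fetch`, which never interpret the input as SQL at all.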

darker

I assume this is an overkill function I made and it will not resolve all cases, and that's why I am still improving it!