If you are just using regex to prevent SQL injection (ie stings like " ' or 1=1;-- " etc) then just use Parameterized queries which are already safe from sql injection attacks.

maybe im missing what you are getting at.