It should be noted that:
$catstring = preg_replace("#[^a-zA-Z0-9s/-_]#",’’,$catstring);
does not equal:
$catstring = preg_replace("#[^a-zA-Z0-9s/-_]#",’’,$catstring);
especially if it’s important to maintain the “-“ character in a string.
Funny how a single unescaped pattern match can break all kinds of navigation in one’s web application.