Hmmm... try this:
$string = trim($string); // same as in asp
$string = htmlentities($string, ENT_QUOTES); // takes all the html tags and quotes and makes them specials chars
$string = addslashes($string); // adds slashes so it wont mess up php
$string = nl2br($string); // adds a <br> to all the returns that a user puts in a field
myString = Replace(myString,vbcrlf,"|~|")
myString = Replace(Server.HTMLEncode(Trim(myString)),"|~|","<br />")
CleanString = myString
That's the quickest one I could come up with, anyway - someone might be able to make that 1 line instead of three...
P.S. the |~| is just some garbage combination I used that people most likely won't type in... you could use something else (unless I overlooked a way to do this easier, which is possible since I'm tired after auditioning for "Who wants to be a millionaire" at 7:00 this morning!).