You could just use mysqli prepared statements, then when you want to display the data from the database to yourself or for whatever purpose, you could strip the tags then. I've always been told if you are re-displaying the data, then don't edit what the user has put. I used to strip all tags and as many 'special characters' as I could but was told to simply leave them in, then when you need to use that data, use those types of functions when re-displaying.
So now I leave the data as it is, insert using a prepared statement, then strip certain tags out, but only a few. I'm still not 100% sure on the way to handle data which you re-display on your website.
Regards,
LC
Last edited by LearningCoder; 02-08-2013 at 08:22 AM.
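The store-raw, handle-on-display pattern described in the post above, as an added example that is not part of the original post. It assumes PDO with in-memory SQLite so it runs without a database server (mysqli's `prepare()`, `bind_param()` and `execute()` follow the same pattern); the table name, the `html()` helper and the sample input are constructed for illustration.

```php
<?php
// Added example: insert user input unmodified through a prepared statement,
// then encode it only when it is written into an HTML page.
// Assumption: in-memory SQLite via PDO stands in for the MySQL server.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input: markup, a quote character and a bare "<".
$input = "I <3 PHP, <b>really</b> <script>alert('x')</script> - O'Reilly";

// The placeholder keeps the value out of the SQL text, so nothing is
// escaped or stripped before the insert.
$stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $input]);

$stored = $db->query('SELECT body FROM comments WHERE id = 1')->fetchColumn();

// Hypothetical helper for HTML element content and quoted attribute values:
// every HTML special character becomes an entity, so the browser shows the
// text exactly as the user typed it and runs none of it.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

echo 'stored unchanged: ', var_export($stored === $input, true), "\n";
echo 'encoded for HTML: ', html($stored), "\n";

// For comparison: strip_tags() changes what the user wrote, and its result
// still has to be encoded before it goes into the page.
echo 'strip_tags():     ', html(strip_tags($stored)), "\n";
```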