Hey mates,

I have a form that allows external users to submit code to a database (like video embed codes for display, adobe flash embeds etc) and php will re-display it on that user's page. The fear is that some users may place in malicious code like JS or whatever else.

What would you recommend as "must checks" in the php validation before shipping into mysql?