You also might want to think about using these functions and/or maybe some other string functions (see the PHP manual) to purify the input text _before_ you send it to the database to avoid the chances of SQL injection exploits. There's also a good chapter on this in the security section of the PHP manual. It's all on http://www.php.net, as sailor pointed out.
