[PHP] Preventing users from inserting malicious HTML into comments

2006-11-06 Thread Dotan Cohen
I'm setting up a comments system on a site, with the comments stored in a MySQL database. To prevent SQL injection, I run mysql_real_escape_string() on ingoing data. This should be enough to protect the database (tell me if otherwise), but I'd like to prevent people from posting JavaScript and

RE: [PHP] Preventing users from inserting malicious HTML into comments

2006-11-06 Thread Daevid Vincent
-----Original Message-----
From: Dotan Cohen [mailto:[EMAIL PROTECTED]
Sent: Monday, November 06, 2006 3:24 PM

I'm setting up a comments system on a site, with the comments stored in a MySQL database. To prevent SQL injection, I run mysql_real_escape_string() on ingoing data. This should