PHP: Removing HTML Tags from Strings
Using text fields on web based forms to obtain information from a website user can often lead to unexpected string inputs. A typical unexpected input might be a field that asks a user to submit a link and a description – spammers may use this description field to stuff with extra links.
Fortunately, PHP has the command strip_tags to remove these tags.
$myString = "<p><a href='gohere.html'>This is some text</a></p>";
$newString = strip_tags($myString);
You can allow specified tags by using the option parameter of strip_tags, so to include the <p> tag in the string above but remove the <a> tag use this command
$newString = strip_tags($myString,"<a>");
It would also be useful to use the mysql_real_escape_string in this instance to avoid SQL Injections.