Using text fields on web based forms to obtain information from a website user can often lead to unexpected string inputs. A typical unexpected input might be a field that asks a user to submit a link and a description – spammers may use this description field to stuff with extra links.

Fortunately, PHP has the command strip_tags to remove these tags.

$myString = "<p><a href='gohere.html'>This is some text</a></p>";
$newString = strip_tags($myString);

You can allow specified tags by using the option parameter of strip_tags, so to include the <p> tag in the string above but remove the <a> tag use this command

$newString = strip_tags($myString,"<a>");

It would also be useful to use the mysql_real_escape_string in this instance to avoid SQL Injections.