Point #7: Do not bite off more than you can chew. Simply as that.

Xenon told you just now to use htmlspecialchars. Filtering on the text-area can also be done with Javascript/AJAX. But I don't recon you've come quite that far. No offense.

Other methods for filtering and inserting are sprintf/printf, addslashes, strip_tags and ofcourse mysql_(real_)escape_string.

__________________

"Life is a bitch, take that bitch on a ride"