It's more secure to begin with converting the string using 
htmlentities() and reconverting allowed tags afterwards.

See
http://alistapart.com/articles/secureyourcode
http://alistapart.com/articles/secureyourcode2

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
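
The escape-first approach described in the message above, as an added example that is not part of the original post. The function name `escape_then_allow` and the tag allowlist are hypothetical; only bare tags with no attributes are restored, so event-handler attributes stay escaped.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist for this example: simple formatting tags only.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'code'];

/**
 * Escape the whole string first, then turn back only exact,
 * attribute-free occurrences of allowlisted tags.
 */
function escape_then_allow(string $input, array $allowed = ALLOWED_TAGS): string
{
    // Step 1: neutralise every <, >, &, " and ' in the input.
    $escaped = htmlentities($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: match only "&lt;tag&gt;" or "&lt;/tag&gt;" for allowlisted names.
    // Anything carrying attributes or whitespace does not match and stays escaped.
    $names   = implode('|', array_map(fn($t) => preg_quote($t, '/'), $allowed));
    $pattern = '/&lt;(\/?)(' . $names . ')&gt;/i';

    $restored = preg_replace_callback(
        $pattern,
        fn(array $m): string => '<' . $m[1] . strtolower($m[2]) . '>',
        $escaped
    );

    // On a PCRE error, fall back to the fully escaped string.
    return $restored ?? $escaped;
}

// Constructed sample inputs, not taken from the original thread.
$samples = [
    '<b>bold</b> and <i>italic</i>',             // allowlisted tags are restored
    '<script>alert(1)</script>',                 // not allowlisted: stays escaped
    '<b onclick="x()">text</b>',                 // attribute present: opener stays escaped
    'literal &lt;b&gt; typed by the user',       // pre-escaped input is not promoted to a tag
];

foreach ($samples as $sample) {
    echo escape_then_allow($sample), PHP_EOL;
}
```

This does not balance tags: in the third sample the closing `</b>` is restored while its opener stays escaped, so pair this with a tag-balancing pass if stray closers matter for your layout.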
