oni-kun Posted November 23, 2009

I am writing a simple script to let people upload 'pages' of their own content, be it simply a few bits of HTML, pictures and whatnot, and receive their own URL. I've written this part of the script, without testing, to clean the input. Are there major security risks?

    function cleanInput($input) {
        $search = array(
            '@<script[^>]*?>.*?</script>@si', // Strip out javascript
        );
        $output = preg_replace($search, '', $input);
        return $output;
    }

    function sanitize($input) {
        $output = array(); // so an empty array input still returns a defined value
        if (is_array($input)) {
            foreach ($input as $var => $val) {
                $output[$var] = sanitize($val);
            }
        } else {
            if (get_magic_quotes_gpc()) {
                $input = stripslashes($input);
            }
            $input  = cleanInput($input);
            $output = mysql_real_escape_string($input);
        }
        return $output;
    }

    // Define date for entry
    $date = date("Y-m-d");

    // Clean input
    $_title   = sanitize(cleanInput($_POST['title']));
    $_uid     = sanitize(cleanInput($_POST['uid']));
    $_desc    = sanitize(cleanInput($_POST['desc']));
    $_content = sanitize(cleanInput($_POST['content']));

    // Insert a row of information into the table with a function.
    // The parameters are used directly: globals such as $_uid are not
    // visible inside the function, so the values have to come in as arguments.
    function insert($title, $uid, $desc, $date, $content) {
        mysql_query("INSERT INTO pageit (title, userid, `desc`, dateadded, content)
                     VALUES ('" . $title . "','" . $uid . "','" . $desc . "','" . $date . "','" . $content . "')")
            or die(mysql_error());
    }

    // Do the insert with the cleaned data!
    insert($_title, $_uid, $_desc, $date, $_content);

Done script stuff for now..
onlyican Posted November 23, 2009

I see you are checking for <script tags. You may also want to check for PHP tags. Possibly also check for whitespace in the script tag: < script type...
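As an added example (not code from either post), here is how the insert and the display would look with the concerns above addressed: the uid is validated against the 0-9/a-z shape rather than "cleaned", the INSERT uses a prepared statement so escaping of the SQL is no longer the script's job, and HTML is escaped when the page is rendered, which is what stops stored markup from running regardless of how "<script" is spelled. It assumes PDO with MySQL; the DSN and credentials are placeholders, and the table and column names are the ones from the first post.

```php
<?php
// Added example, not the thread's code. PDO DSN/credentials are placeholders.

// uid: validate (reject) instead of rewrite. The first post suggested
// allowing only 0-9 and a-z; this enforces exactly that.
function validUid(string $uid): bool {
    return (bool) preg_match('/^[a-z0-9]{1,32}$/', $uid);
}

// Short text fields: trim and cap the length. No HTML is ever interpreted
// from them, so nothing needs stripping here.
function plainText(string $s, int $max): string {
    return mb_substr(trim($s), 0, $max);
}

// The driver sends the values separately from the SQL text, so quotes in
// $title, $desc or $content cannot alter the statement. No
// mysql_real_escape_string() and no magic-quotes handling are needed.
function insertPage(PDO $db, string $title, string $uid, string $desc, string $content): void {
    $stmt = $db->prepare(
        'INSERT INTO pageit (title, userid, `desc`, dateadded, content) VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute([$title, $uid, $desc, date('Y-m-d'), $content]);
}

// Escape at output time. A blacklist regex that looks for "<script" misses
// variants such as the "< script" spelling raised in the reply above;
// htmlspecialchars() turns every '<' into '&lt;', so there is nothing to miss.
function renderPage(array $row): string {
    $e = fn(string $s) => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>' . $e($row['title']) . '</h1>'
         . '<p>' . $e($row['desc']) . '</p>'
         // If users must be allowed a few tags, run content through an
         // allowlist HTML filter (e.g. HTML Purifier) here instead of $e().
         . '<div>' . $e($row['content']) . '</div>';
}

// Handler: same $_POST fields as the original script.
$uid = $_POST['uid'] ?? '';
if (!validUid($uid)) {
    http_response_code(400);
    exit('invalid uid');
}
$db = new PDO('mysql:host=localhost;dbname=DB_PLACEHOLDER;charset=utf8mb4', 'USER_PLACEHOLDER', 'PASS_PLACEHOLDER', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
]);
insertPage($db, plainText($_POST['title'] ?? '', 120), $uid,
           plainText($_POST['desc'] ?? '', 500), (string) ($_POST['content'] ?? ''));
```

With ATTR_EMULATE_PREPARES off and the charset set in the DSN, the parameter binding is done by the MySQL server itself, which is the behaviour the escaping in the original script was trying to approximate by hand.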
oni-kun Posted November 23, 2009 (Author)

I thought so, yeah, I know there are plenty of snippets to help clean HTML and such out of it. I think I'm pretty set off, no injection, and I can use a character regex to only allow 0-9-a-z and a few basic allowable tags.