Strip_tags() confusion

[Accurax]

I have a text area that is sending info to my database for use later on,

Now im using strip_tags() to remove any html that the user may enter into the form, and i also want to use n12br() to allow the user to store any basic formatting they do with the enter key.

Now, it seems to work, except that when i call the information, the <br /> tags are actually echo'd onto the screen along with the rest of the text ... allthough the line breaks do seem to work aswell.

Anyone got any idea what i may be doing wrong here?

[emehrkay]

are you stripping before input to the database or on the way out?

[Accurax]

Ive been trying a few combinations

at the moment im trying to strip on the way out with

$safe_query = strip_tags($query);
$result = mysql_query($safe_query)

and on the way into the database i have the submitted variable passed through as follows:

$value = $_POST['form_value'];
$value_format = nl2br($value);

[obsidian]

I would recommend you do all your cleaning on the way [i]into[/i] the database and all your parsing on the way [i]out[/i]. So, you'd want to do your strip_tags() or any other cleaning functions on the user entered data. Then, when you pull the information out of the database, you'll want to run your nl2br() and other parsing functions on it. This way, you reserve the user's original content (minus anything that may be damaging).