set_magic_quotes_runtime( 0 );
This is for database, not for showing data in browser. For browser you need to kill all unknow tags and all unknown properties of known tags. Afterwards, you need to prepend http:// to any urls that have unknow protocols. Alternatively, you can make sure that data diplayed to user is submitted by the same user.
Example of the former method: http://token.by.ru/ksscripts/htmlparser6.txt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
