It's important for you to decide whether or not you want to allow html formatting in your database fields. If not then look for "<" and ">" and urlencode them on the way into the database and then htmlencode them on the way out. This will keep any users from inserting malicious code and having it execute on your page causing havoc to your site and your host.