Sanitising user form input before processing the data is an IMPORTANT security step to prevent malicious input wreaking havoc on your program or other unsuspecting users. The function below can take the $_POST array as input and return it sanitised for use.
function cleanse($input) {
// Clean the input before use to make sure we don't accept any dangerous input
$purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
foreach ($input as $key => $value) {
$input[$key] = $purifier->purify($input[$key]); // $input[$key] is now sanitised.
}
return($input);
}