Is there a catchall function somewhere that works well for sanitizing user input for SQL injection and XSS attacks, while still allowing certain types of HTML [...]
If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following [...]
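To make the point concrete, here is an added example (not code from the question or the answer above) in Python with the standard-library `sqlite3` module. The table `users`, its two rows and the probe string are constructed for this demonstration. It places a query built by string concatenation next to a parameterized one, and shows that the HTML output side is a separate concern handled by context-specific encoding rather than by one catchall function.

```python
import html
import sqlite3


def setup_db():
    """Build a small in-memory database (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "s1"), ("bob", "s2")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """VULNERABLE: the user-supplied value is spliced into the SQL text,
    so the database parser sees it as part of the statement."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, name):
    """SAFE: a placeholder keeps the statement fixed; the driver passes
    `name` to SQLite as a bound value, never as statement text."""
    return [
        row[0]
        for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    ]


def render_greeting(name):
    """XSS side: encode for the HTML element context at output time.
    html.escape turns <, >, & and quotes into entities, so the browser
    shows the text instead of interpreting it as markup."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    conn = setup_db()
    # Constructed probe: a value that is SQL syntax if treated as code.
    probe = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, probe))  # every row leaks
    print("safe:      ", lookup_safe(conn, probe))        # no row matches
    print("html:      ", render_greeting("<script>"))
```

Running the block shows the concatenated query returning every row for the probe, while the parameterized query returns nothing because the same string is compared as a literal name. Note that `html.escape` neutralizes all markup; if the application must allow a subset of HTML, as the question asks, that requires a dedicated HTML sanitizer with a tag and attribute allowlist, which is a different tool from the SQL parameter binding shown here.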