you can use a rereplace() function with a regexp to strip out all html from the user's input prior to inserting it into your db.
there are several udf's over at www.cflib.org that can do that for you.
some are general, others target specific html (like script tags).
a very basic one would be something like:
rereplace(your-var-holding-user-submitted-text, '<[^>]*>', '', 'ALL')
hth
---
Azadi Saryev
Sabai-dee.com
http://www.sabai-dee.com
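
An added example, not part of the original post: the post's pattern wrapped in a hypothetical `stripTags()` helper and run over constructed inputs, including two edge cases the pattern handles poorly. It assumes `encodeForHTML()` is available (ColdFusion 10+ or Lucee) and applies it at output, so anything the pattern leaves behind is rendered as text.

```cfml
<cfscript>
// Hypothetical helper (name is an assumption): applies the pattern from the post.
function stripTags(required string input) {
    // Remove every run that starts with '<' and ends at the next '>'.
    return reReplace(arguments.input, "<[^>]*>", "", "all");
}

// Hypothetical helper: strip before storage, encode again at output time.
// Stripping alone is not treated as sufficient, because the pattern only
// removes text that contains a closing '>'.
function renderUserText(required string input) {
    var cleaned = stripTags(arguments.input);
    return encodeForHTML(cleaned);
}

// Constructed sample inputs, not taken from the original post.
samples = [
    // Ordinary markup: both tags match the pattern.
    "Hello <b>world</b>, welcome <em>back</em>",
    // Bare comparison operators: the span between '<' and '>' matches too,
    // so legitimate text is removed along with it.
    "price < 10 and > 5",
    // Unterminated tag: there is no '>' for the pattern to match,
    // so stripTags() leaves it in place and the encoder has to neutralise it.
    "see <img src=""x.png"""
];

for (s in samples) {
    writeOutput("<p>input: " & encodeForHTML(s) & "</p>");
    writeOutput("<p>stripped: " & encodeForHTML(stripTags(s)) & "</p>");
    writeOutput("<p>rendered: " & renderUserText(s) & "</p><hr>");
}
</cfscript>
```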