Cheers, that looks like a better solution than the strip_tags() function I've been using. I have most of the stuff in the video tutorials down pat, but the session hijacking was pretty cool; I had no idea it was that easy to gain control of an admin account. I'm trying to get my site up and running by the end of the month http://www.newvoxel.com/
and I'll probably get this site to pen-test it as I'm sure there will be heaps of stuff that I've missed. GET EXCITED!