just want to make sure i got this right. i have a database table of values i want to display on the web, but i do not want the values to run any javascript or html. to do this I just use htmlentities(myvalue)?
Using htmlentities <tags> will show up like that (explicitly). That'll be enough to stop it running (in fact, htmlspecialchars will be enough). You could use strip_tags() if you don't even want that.
