NOt any post, but it will be safer.
You still have to follow general PHP security guidelines. Like using [man]mysql_real_escape_string/man and [man]htmlentities/man to get HTML out of your code, and to help prevent SQL injection.
Of course you can do simple RegEx to replace:
$pattern = '@<script [^>]*>.*?</script>@si';
$user_input = preg_replace($pattern, '<!-- Document Sanitized -->', $input_from_user);
TinyMCE is not a validator or a security wall. It is just a nice GUI for users to get a WYSIWYG editor. The submitted info is still general text in a text-box that is accessed via the $_POST array.
If you don't get what I said in this post, google "User Input Validation +PHP" and you'll get a slew of sites that discuss this (including PHPBuilder).
It is said that instituting the method of Parameterizing your queries. You'll have to google that topic as well since I can't expand upon it, I just know it is supposed to be a more secure way of running queries.
