Good morning all!
I've been having some trouble with RSS feeds that are being pulled in from a database.
Where I work we are using our company's intranet website to publish press releases, which then get published to about 22 subsidiary websites. The problem I'm having is filtering the press releases to properly insert them into the mssql database, i.e. add slashes for the single quote marks and remove any potential XSS exploits. Then properly display them with the strict RSS Specification.
I'm using the Nicedit for the text areas where we enter the Press Releases. It offers basic formatting (bold, links, em, etc.). And when I filter the text I use the following function to clean up the code:
function mssql_clean($value){
    $value = strip_tags($value);
    $value = htmlspecialchars($value, ENT_QUOTES);
    return $value;
}
When I output the press release for an RSS feed I use the following function:
$replace = array("'","Õ", "\x96", "\x92", "\x91", "\x93", "\x94");
$body = str_replace($replace, "", $body);
$body = htmlspecialchars_decode($body, ENT_QUOTES);
$body = strip_tags($body, "<br /><br><b><p>");
$body = myTruncate($body, 600, " ");
It's probably a lot of overkill to make this all possible, but it seems like I always come up with errors with inserting the text into a database and/or outputting the text for an rss feed.
Any help or pointers towards tutorials or other threads would be much appreciated.
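
One way to handle the store and feed steps described in the post above, as an added example that is not the poster's code: filter once on input, insert with bound parameters instead of added slashes, and let DOMDocument do the XML escaping on output. The `releases` table, the feed link, the sample release and the `sqlite::memory:` connection (a stand-in for the MSSQL PDO connection) are assumptions.

```php
<?php
// Added example. Table name, feed link and sample text are constructed;
// sqlite::memory: stands in for the real MSSQL PDO connection.

// Filter once, on input: fix encoding, keep only bare <br>, <b>, <p> tags.
function clean_release(string $html): string {
    // Word-style quotes/dashes (\x91-\x96) are Windows-1252 bytes; convert
    // them to UTF-8 instead of deleting them.
    if (!mb_check_encoding($html, 'UTF-8')) {
        $html = mb_convert_encoding($html, 'UTF-8', 'Windows-1252');
    }
    $html = strip_tags($html, '<br><b><p>');
    // strip_tags() keeps attributes on allowed tags (onclick, style, ...),
    // so rewrite each surviving tag without them.
    return preg_replace('/<(\/?)(br|b|p)\b[^>]*>/i', '<$1$2>', $html);
}

function store_release(PDO $db, string $title, string $body): void {
    // Bound parameters carry the quotes; no addslashes() or HTML-encoding.
    $stmt = $db->prepare('INSERT INTO releases (title, body) VALUES (?, ?)');
    $stmt->execute([strip_tags($title), clean_release($body)]);
}

function build_rss(PDO $db): string {
    $doc = new DOMDocument('1.0', 'UTF-8');
    $rss = $doc->appendChild($doc->createElement('rss'));
    $rss->setAttribute('version', '2.0');
    $channel = $rss->appendChild($doc->createElement('channel'));
    $add = function (DOMNode $parent, string $name, string $text) use ($doc) {
        // createTextNode() escapes &, < and > so the XML stays well-formed.
        $parent->appendChild($doc->createElement($name))
               ->appendChild($doc->createTextNode($text));
    };
    $add($channel, 'title', 'Press releases');
    $add($channel, 'link', 'https://intranet.example/press');
    $add($channel, 'description', 'Constructed sample feed');
    foreach ($db->query('SELECT title, body FROM releases') as $row) {
        $item = $channel->appendChild($doc->createElement('item'));
        $add($item, 'title', $row['title']);
        $add($item, 'description', $row['body']);
    }
    return $doc->saveXML();
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE releases (title TEXT, body TEXT)');
store_release($db, "O'Brien joins the board",
    "<p onclick=\"x()\">It\x92s <b>official</b> \x96 O'Brien & Co.<script>x()</script></p>");
echo build_rss($db);
```

The stored body keeps its apostrophes and curly quotes, and the `<description>` in the output carries the allowed tags as escaped text (`&lt;p&gt;...`), which is how RSS 2.0 readers expect embedded HTML.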