Help needed for preventing HTML injection

Lobo

New Member
I have searched everywhere to find out how to prevent HTML injection. I have also posted two questions on this website, but I didn't get a convincing answer. Below, I am giving the script which I made for preventing MySQL and HTML injection in my HTML form.

[code]
// SQL injection prevention
$name = mysql_real_escape_string($_POST['name']);
$login = mysql_real_escape_string($_POST['login']);
$user = mysql_real_escape_string($_POST['user']);
// stripping tags
$user = strip_tags($user);
$login = strip_tags($login);
$name = strip_tags($name);
[/code]

After this I tried to check how well my script is working by using the script below, putting it in the name, login and user fields of my HTML form and saving it in my database.

[code]
<script> document.location = "http://badurl";</script>
[/code]

But when I saved the above script in the database and tried to retrieve it for showing on the page, it went to the badurl site. I think strip_tags is not working; I want to know why. And can you please tell me how we can put htmlspecialchars in a while loop (like the script below)?

[code]
while ( $row = mysql_fetch_array($query) ) {
    echo('<big><big><big style="color: rgb(158, 0, 0);">' . $row['name'] . '&nbsp;&nbsp;</big></big></big><p>');
    echo('<big><div style="text-align: justify;">' . $row['login'] . '&nbsp;&nbsp;</big> </div>');
    echo('<div style="text-align: justify;">' . $row['user'] . '&nbsp;&nbsp;</div>');
}
[/code]
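As an added example (not part of the original post): the fetch loop from the question with each database value passed through htmlspecialchars() at output time, and the insert done with bound parameters so the value is stored unmodified. It assumes PHP 7 or later with the pdo_sqlite extension; the helper names e() and render_row(), the members table and the sample input are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ with pdo_sqlite;
// an in-memory SQLite table (hypothetical name: members) stands in for MySQL.

// Encode a value for an HTML text or quoted-attribute context.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the markup for one row; every database value passes through e().
function render_row(array $row): string
{
    return '<big><big><big style="color: rgb(158, 0, 0);">' . e($row['name']) . '&nbsp;&nbsp;</big></big></big>'
         . '<div style="text-align: justify;"><big>' . e($row['login']) . '&nbsp;&nbsp;</big></div>'
         . '<div style="text-align: justify;">' . e($row['user']) . '&nbsp;&nbsp;</div>' . "\n";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (name TEXT, login TEXT, user TEXT)');

// Constructed form input: the test string from the post, plus ordinary
// values containing HTML-special characters that must display literally.
$post = [
    'name'  => '<script> document.location = "http://badurl";</script>',
    'login' => "O'Brien <3 PHP",
    'user'  => 'a < b && c > d',
];

// SQL side: bound parameters keep the data out of the query text, so no
// manual SQL escaping is applied and the value is stored as submitted.
$insert = $db->prepare('INSERT INTO members (name, login, user) VALUES (:name, :login, :user)');
$insert->execute($post);

// HTML side: encode when writing into the page, inside the fetch loop.
$query = $db->query('SELECT name, login, user FROM members');
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
    echo render_row($row);
}
```

The stored script string is emitted with `<`, `>` and `"` as entities, so the browser displays it as text instead of executing it.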
 