Safely add javascript to database


calliepeck
09-18-2008, 02:49 PM
I'm sure this is a dumb question but I can't find an appropriate answer. I am writing a tiny CMS for my company to create small webpages that must include tracking code. I'm generating the directories and files from templates but also saving information in a database.

I'm having some issues trying to figure out how to do this safely. I want to mysql_safe_string it but it's giving me some issues generating breaks, etc. I can clear this with replace statements, but are there any specific things I should run to clear the code from any malicious code?

SyCo
09-18-2008, 06:20 PM
As a suggestion, have your users create the <body> section (and head if required) using something like FCK Editor. Then you build the real head and body, adding any tracking code. I wouldn't rely on users to even add the tracking code or not screw it up in some way. If it's important then take the user out of the equation and limit their control. Then you can strip all script tags.
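
The approach suggested in the post above, as an added example that is not code from the thread: user-supplied body markup is stripped of script-capable content, stored through a bound parameter rather than string escaping, and the tracking code is appended only by the server-side template. The function names, the `pages` table, the tracking URL and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example. sanitize_body(), render_page(), the pages table and
// TRACKING_SNIPPET are hypothetical names, not from the thread.
const TRACKING_SNIPPET = '<script src="/js/tracking.js"></script>'; // constructed placeholder

function sanitize_body(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);            // user markup is rarely valid HTML
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>', LIBXML_NONET);
    libxml_clear_errors();
    $xpath = new DOMXPath($doc);

    // Drop elements that run or load code; the server adds the only script itself.
    foreach (iterator_to_array($xpath->query('//script|//iframe|//object|//embed')) as $node) {
        $node->parentNode->removeChild($node);
    }
    // Drop inline event handlers (onclick, onerror, ...) and javascript: URLs.
    foreach (iterator_to_array($xpath->query('//@*')) as $attr) {
        $value = preg_replace('/[\x00-\x20]+/', '', $attr->nodeValue);
        if (stripos($attr->nodeName, 'on') === 0 || stripos($value, 'javascript:') === 0) {
            $attr->ownerElement->removeAttributeNode($attr);
        }
    }
    $out  = '';
    $body = $doc->getElementsByTagName('body')->item(0);
    foreach ($body ? $body->childNodes : [] as $child) {
        $out .= $doc->saveHTML($child);          // serialize only the user's fragment
    }
    return $out;
}

function render_page(string $title, string $storedBody): string
{
    return '<html><head><title>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</title></head>'
         . '<body>' . $storedBody . TRACKING_SNIPPET . '</body></html>';
}

// Constructed sample submission from an editor field.
$submitted = "<p onclick=\"x()\">Hello</p>\n<script>alert(1)</script>\n<a href=\"javascript:x()\">link</a>";

$db = new PDO('sqlite::memory:');                // stand-in for the CMS database
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
// Bound parameters store the markup as-is: no escaping calls, no mangled line breaks.
$db->prepare('INSERT INTO pages (title, body) VALUES (?, ?)')
   ->execute(['Launch <2008>', sanitize_body($submitted)]);

$row = $db->query('SELECT title, body FROM pages WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo render_page($row['title'], $row['body']), "\n";
```

The filter here is a denylist; where page authors are not trusted, an allowlist sanitizer such as HTML Purifier is the stronger choice.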

ellisgl
09-18-2008, 08:13 PM
Just get ModX