I have a text box that I want to allow users to enter anything they want into it. Problem is I don't want them to be allow to write code that could be executed when sent for review on the next page.

What is the best method for removing unwanted code and ensuring that they just provide a valid message?

strip_tags();

That is what I am using, but I didn't know if there was a better solution.

It's usually a good idea not to re-create built-in PHP functions. See also htmlspecialchars (http://www.php.net/htmlspecialchars), which will make the code that users input visible on the web page instead of becoming translated as HTML by the browser. The strip_tags function removes anything between the less-than sign (<) and the greater-than sign (>).