Im no expert so you might want to hold out for an expert to reply but I have been doing this for a while.
When I first started I used
safeHTML, which seemed to do a good job, was quick at what it done.
I'm writing a script now and im trying to stay away from it simply for the fact that I want to learn myself.
Id suggest writing a function of some sort that would get what the user is submitting, and use regex to look for things that you don't want in your database.
The only real way to know how to secure your website, is knowing how to hack it. Maybe look on Google for some php injection tutorials and see how they work and what they look for, that way you can close the gaps.
I would be interested to see how you get on so keep us updated.
My opinion though, you don't want to be inserting what the user types directly into your database.