You can use HTML tags too, it's perfectly safe if you implement it intelligently.
To do so, just strip out unwanted tags/attributes from the user input, prior to database escaping/storage. It will be suited to exactly what you want, and you won't have the unnecessary overhead/hassle of bbcode validation->parsing->html output. Besides, you'll need to strip unwanted tags/attributes and worry about security with bbcode anyway, so you might as well skip the middleman.
|