Back when I was writing my own blog software, I ran into the same problem(s). They became particularly acute when I added comment preview, which involves carrying the comment text through multiple POSTs adding and removing backslashes all the while. It was practically impossible to cover all of the cases. Some would say it's actually impossible; PHP forums are full of complaints about this very issue, along with dozens of (mostly incomplete or broken) workarounds. In the end that was one of the reasons I switched to WordPress and made it somebody else's problem. I simply have a lot better things to do with my time.

While we're on the subject, your email-address filter still gets me every time. It doesn't like @pl.atyp.us (have to use @atyp.us instead), then it turns "@" to "(at)" and "." to "(dot)" during preview but won't accept the result coming back. I still end up having to change my email address by hand (twice!) every time I comment here.

Fixed. Now I find the MX record for atyp.us when pl.atyp.us doesn't work.

Also: you shouldn't have to deal with the (at) thing. That is accepted incoming as a legitimate address.

I was hoping for a properly sarcastic response. If I find any other nits to pick, I'll try to remember to say Bug! rather than Bug?

Isn't PHP great, just when you think it's helping you it's actually stabbing you in the knee with a frozen eel. Just add in a dose of addslashes, stripslashes, nl2br, urlencode, utf8_encode, htmlentities, rawurlencode, convert_encoding, mysql_escape_string, mysql_real_escape_string, htmlspecialchars, htmltranslationtable, quoted_printable_decode and the various combinations of the ini settings that change the behaviour (which may be set in the php.ini filem the apache flle, the local directory, compiled in or just set manually) and then switch error reporting off.

:-D