There are a number of things that you can do in addition to stripping HTML tags.
- Limit the length of the fields to an appropriate number of chanracters so that people don't SPAM SPAM ...
- Don't display what people submit instantly so that they don't get the instant satisfaction of SPAM SPAM SPAMing your page. You can do some moderation.
- Require user registration (I really donno how that fits into your needs or your users').
- If you're the only one who would add records, you can use some authentication schema (.htaccess files if you're using apache).
Also, your script is not handling mult-line comments properly (I added one with 3 comment lines and each appeared separately). Are you using the CGI module to get your params?
Hope this helps,,,