How to clean up custom html?
Hello!
The user can edit the article. Next, the saved code is sent to the server and, accordingly, processed. Will the strip_tags function be enough to strip script and other unnecessary tags (to protect against XSS and other EVIL things)?
Thank you.
strip_tags will strip all tags from a string (including custom markup, if any). If the data will be added to the database, then before executing the query, it will not be superfluous to run it through the mysql_real_escape_string function, which will clear it and prepare it for safe execution. But it is better to move the methods of working with the database into a separate class and work through it. This way you won't miss any request in the code. Also pay attention to the validation of form fields and GET, POST data coming into the script.
www.php.net/manual/en/function.strip-tags.php
This function attempts to return a string str with all NUL bytes, HTML and PHP tags removed.
In general, it's enough to escape your base string and use htmlspecialchars on output.
In all other cases, you need a brain and an understanding of what is happening in general.
Understand what XSS and everything else is and how they happen.
I use the following function to write to the database
// Escape the trimmed GET value for the ext/mysql query
$bio = mysql_real_escape_string(trim($_GET['bio']));
// Turn line breaks into paragraph breaks before storing
$bio = preg_replace("/[\r\n]+/", "</p><p>", $bio);
If you want to strip all but the allowed tags from the text of an article, as others have said, strip_tags is sufficient.
If you need something more complicated (for example, to clean HTML from "dirty" tags and attributes so that the edited article does not break the layout of the site when displayed), then you should pay attention to HTMLPurifier.
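An added example, not code from this thread, illustrating the point behind the last two answers: strip_tags() with an allowed-tag list keeps every attribute on the allowed tags, so HTML that will be re-displayed also needs attribute filtering, which is the job HTMLPurifier does. The function name sanitizeHtml, the allow-lists and the sample input are assumptions made for this demo.

```php
<?php
// Added example, not from the thread. strip_tags() with an allow-list keeps the
// attributes of allowed tags, so HTML that will be re-displayed also needs attribute
// filtering. Allow-lists and the sample input below are constructed for this demo.
$submitted = '<p onclick="badFn()">Hi <b>there</b></p><script>badFn()</script>'
    . '<a href="javascript:badFn()">bad</a> <a href="https://example.com/">ok</a>';
// strip_tags removes the <script> and <a> tags but keeps their text, and leaves the
// onclick on the allowed <p> untouched.
$stripped = strip_tags($submitted, '<p><b>');
// DOMDocument allow-list sanitizer: script/style dropped whole, other unknown elements
// unwrapped (text kept), unlisted attributes removed, href limited to http(s)/mailto/relative.
function sanitizeHtml(string $html): string
{
    $allowedTags  = ['p', 'b', 'i', 'em', 'strong', 'a'];
    $allowedAttrs = ['a' => ['href']];
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                  // tolerate sloppy markup
    $doc->loadHTML('<?xml encoding="utf-8" ?>' . $html);
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    // Snapshot the element list: mutating the tree while walking a live list skips nodes.
    $xpath = new DOMXPath($doc);
    foreach (iterator_to_array($xpath->query('//body//*')) as $el) {
        if ($el->parentNode === null) { continue; }     // already removed with its parent
        $tag = strtolower($el->tagName);
        if ($tag === 'script' || $tag === 'style') {
            $el->parentNode->removeChild($el);
        } elseif (!in_array($tag, $allowedTags, true)) {
            while ($el->firstChild) {                  // unwrap: hoist children, drop the tag
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
        } else {
            foreach (iterator_to_array($el->attributes) as $attr) {
                $name = strtolower($attr->name);
                $ok = in_array($name, $allowedAttrs[$tag] ?? [], true)
                    && ($name !== 'href' || preg_match('~^(https?:|mailto:|[/#?])~i', trim($attr->value)));
                if (!$ok) { $el->removeAttribute($attr->name); }
            }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) {            // serialize body contents only
        $out .= $doc->saveHTML($child);
    }
    return $out;
}
$clean = sanitizeHtml($submitted);
```

Plain-text fields such as the bio in this thread are not HTML at all; for those, escaping with htmlspecialchars() on output is the right tool rather than tag stripping.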