• So you're rewriting content as it arrives from form fields by passing it through two escaping functions? You will end up encoding some things like & twice, won't you? This will end up mangling perfectly valid form fields and it'd be hard to get back to the original, so I wouldn't recommend it.

    Usually it's considered better to sanitize on output (to HTML) rather than at the time of input.

    http://stackoverflow.com/questions/11253532/html-xss-escape-on-input-vs-output
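
An added illustration of the double-encoding problem raised in the comment above (not code from the thread): it compares escaping twice at input time with storing the raw value and escaping once on output. The function names and sample strings are constructed for this example, and a single `html.unescape` pass is assumed to approximate what a browser displays.

```python
import html

def escape_on_input(raw, passes=2):
    """The pattern questioned above: escape at input time, `passes` times."""
    value = raw
    for _ in range(passes):
        value = html.escape(value, quote=True)
    return value

def render_on_output(raw):
    """Store the raw value; escape exactly once when writing it into HTML."""
    return html.escape(raw, quote=True)

def browser_view(markup):
    """Assumption: one entity-decoding pass approximates what a browser shows."""
    return html.unescape(markup)

def demo():
    raw = "Tom & Jerry <b>"          # constructed form value
    stored = escape_on_input(raw)    # what lands in the database
    page = render_on_output(raw)     # what is written into the page
    return {
        "stored": stored,
        "shown_from_stored": browser_view(stored),  # entity debris is visible
        "page": page,
        "shown_from_page": browser_view(page),      # original text, no live tag
        # Once the number of passes is unknown, different raw inputs
        # collapse to the same stored string and cannot be told apart.
        "ambiguous": escape_on_input("&", 2) == escape_on_input("&amp;", 1),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18} {value!r}")
```
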