#4
20-10-2006, 10:00
unplugged
Premium Member
Join Date: Sep 2006
Posts: 80

The general rule when designing web stuff is never trust data where you can't verify the source.

There are plenty of ways around it: strip_tags() is one of them, to dump all HTML etc., and another is entity_encode.

If someone, for example, puts ">mwahahahahaha into a textbox, or </table></html> HAHAHAHA or whatever, it can seriously break the page viewing it.
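As an added illustration of the two options this post mentions (example code written for this page, not code from the post or its author), the PHP snippet below runs strip_tags() and htmlspecialchars() side by side over inputs modelled on the post's examples. The sample strings are constructed, and the helper names sanitize_strip and sanitize_encode are this example's own; the point it shows is that stripping tags removes the </table></html> case but leaves a stray quote intact, while entity-encoding with ENT_QUOTES also neutralises the "> case when the value is placed inside an attribute.

```php
<?php
// Added example, not from the original post: contrasting strip_tags()
// and htmlspecialchars() on the kinds of input the post describes.

// Constructed sample inputs, modelled on the post's examples.
$samples = [
    '">mwahahahahaha',
    '</table></html> HAHAHAHA',
    'plain text with an & ampersand',
];

// Option 1 from the post: dump all HTML tags. strip_tags() only removes
// <...> tags, so a stray double quote survives and can still close an
// attribute value it is inserted into.
function sanitize_strip(string $input): string
{
    return strip_tags($input);
}

// Option 2 from the post: entity-encode. Special characters become entities,
// so the browser renders them as text instead of interpreting them as markup.
// ENT_QUOTES encodes both ' and ", which is what matters inside attributes;
// ENT_SUBSTITUTE replaces invalid UTF-8 rather than returning an empty string.
function sanitize_encode(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($samples as $s) {
    echo "input:      $s\n";
    echo "strip_tags: " . sanitize_strip($s) . "\n";
    echo "encoded:    " . sanitize_encode($s) . "\n\n";
}

// Rendering a user value into an attribute: encoding keeps the quote from
// terminating the attribute, whereas strip_tags() alone would not.
$value = $samples[0];
echo '<input type="text" value="' . sanitize_encode($value) . '">' . "\n";
```

Run it with `php example.php`. Encoding is the right default for text that is echoed back into a page; strip_tags() is better thought of as a formatting choice (you want no markup at all) than as the protection, since anything it leaves behind still has to be encoded for the context it lands in.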