
Sanitising data for message board re links

         

denisl

11:04 am on Nov 11, 2009 (gmt 0)




I'm creating a script for a simple message board and am sanitising the user-inputted data with this in a function:

$data=trim($data);
$data=stripslashes($data);
$data=htmlspecialchars($data);
$data=mysql_real_escape_string($data);
$data = str_replace("&lt;", "<!-- ", $data);
$data = str_replace("&gt;", " -->", $data);
return $data;

The last two lines of the function are designed to stop links from showing (although the link text will still show).

This appears to work fine but am I missing anything - am I creating any potential problems?

I'm not a php expert.

optik

6:35 pm on Nov 11, 2009 (gmt 0)




that should be ok but maybe look at the strip_tags function
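
An added example, not part of either post above: it runs the display-side steps of the posted function over two constructed messages to show that a lone `<` in ordinary text becomes an unclosed `<!--`, next to an alternative that stores the text through a bound parameter and encodes only at output. The function names, the `messages` table and the in-memory SQLite database (standing in for MySQL) are assumptions.

```php
<?php
// Added example, not code from the thread. Function and table names are hypothetical.

// Display-side steps of the posted function. mysql_real_escape_string() is omitted:
// it needs a live connection and does not change the constructed samples below.
function filter_as_posted(string $data): string
{
    $data = htmlspecialchars(stripslashes(trim($data)));
    $data = str_replace('&lt;', '<!-- ', $data);
    return str_replace('&gt;', ' -->', $data);
}

// True when the last "<!--" has no "-->" after it, so the browser would treat
// the page content that follows, up to the next "-->", as part of the comment.
function leaves_comment_open(string $html): bool
{
    $open = strrpos($html, '<!--');
    $close = strrpos($html, '-->');
    return $open !== false && ($close === false || $close < $open);
}

// Store the text as typed, through a bound parameter instead of an escaping call.
function store_message(PDO $db, string $raw): int
{
    $db->prepare('INSERT INTO messages (body) VALUES (:body)')->execute([':body' => trim($raw)]);
    return (int) $db->lastInsertId();
}

// Encode only at output: strip_tags() drops the <a> markup but keeps the link
// text, then htmlspecialchars() encodes whatever markup characters remain.
function render_message(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM messages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return htmlspecialchars(strip_tags((string) $stmt->fetchColumn()), ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:'); // assumption: SQLite stands in for the thread's MySQL
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)');

$samples = [ // constructed inputs
    'See <a href="http://example.com/">my site</a> for details',
    'Prices are fine when 1 < 2',
];
foreach ($samples as $raw) {
    $old = filter_as_posted($raw);
    printf("as posted: %s%s\n", $old, leaves_comment_open($old) ? '  [comment left open]' : '');
    printf("rendered:  %s\n\n", render_message($db, store_message($db, $raw)));
}
```

`strip_tags()` does not validate HTML, so partial or broken tags can remove more text than expected; if that matters, drop the `strip_tags()` call and rely on `htmlspecialchars()` alone, which shows the markup as literal text instead of a link.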