I have an input field table $url that gets a secure scrub before being posted to the DB, but some of the characters are being HTMLicized after the scrubbing so that any URL that goes in with an & comes out on the other end as & and basically breaking the link.

here is the function:

}
function Secure ($string){
return trim(mysql_real_escape_string(strip_tags(htmlentities($string))));
}

here is the call on the page where input is:

$url = $_POST["url"];
$url = Secure($url);

thanks for your time,
d