[eluser]andychurchill[/eluser]
Thinking about this a bit more, I think I understand where I'm going wrong. If I add additional validation at the point of set_rules to ensure the user hasn't tried to enter html in the username field, I can be confident that the input->post step will have valid data, so I don't nee to re-apply the strip tags?
I just can't find a good example of a simple but secure registration form, done right, in codeigniter.