Hello Jan Kaare,
Please consider using prepared statements instead of mysql_real_escape_string. While the latter may prevent SQL injection attacks, it will not help with XSS exploits. See the following SO thread for more information. The advice of using the HTML Purifier library is also worth taking, as it will ensure that only valid content is saved on the server.
the Telerik team
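An added example, not part of the original reply, showing the two separate concerns it mentions: a prepared statement keeps hostile input out of the SQL text, but the stored value still carries its markup and has to be encoded or sanitized before it reaches a browser. It assumes PDO with an in-memory SQLite database standing in for MySQL; the table, column and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed setup: in-memory SQLite stands in for the real MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Hypothetical helper: values are bound as parameters, never concatenated into SQL.
function saveComment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: reads the stored body back, again with a bound parameter.
function loadBody(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed input: SQL metacharacters followed by markup.
$input = "Nice post'); DROP TABLE comments; -- <script>alert(1)</script>";
$id = saveComment($pdo, "O'Brien", $input);
$stored = loadBody($pdo, $id);

// The statement was not altered: the table still exists and the text
// came back byte for byte as it was submitted.
var_dump($stored === $input);

// Byte for byte also means the <script> tag is still in the database.
// For a plain-text field, encode at output time.
echo htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;

// For a field that must keep some HTML (rich-text editor content), use an
// allow-list sanitizer instead, e.g. HTML Purifier when installed via Composer:
// $clean = (new HTMLPurifier(HTMLPurifier_Config::createDefault()))->purify($stored);
```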