There are two answers guaranteed to show up on nearly every PHP question on Stack Overflow - use the mysqli/PDO extension instead of the deprecated mysql one (to avoid SQL injection), and that you can't parse HTML with regular expressions.
With that in mind, my favorite two answers:
- [How PDO is still vulnerable to SQL injection attacks](http://stackoverflow.com/questions/134099/are-pdo-prepared-statements-sufficient-to-prevent-sql-injection/12202218#12202218) by Anthony Ferrara
- [Parsing HTML with regular expressions](http://stackoverflow.com/questions/4231382/regular-expression-pattern-not-matching-anywhere-in-string/4234491#4234491) by Tom Christiansen