My Approach while INSERT’ing INTO MySql

I think I read in stackoverflow.com that “if you need escaping or similar action, do it just in time you need” so in the verification pages that I verify the user inputs (null or not check, length check and structural checks (eg: mail structure, custom tags structures); I use the $_POST[''] variables as inputs. During verifications, even in the custom error printing parts, my error messages does not include any of $_POST[''] values in message texts.

As an interim note: I utilize prepared statements and parameterized queries during php-MySql interactions. If inputs are verified; just before INSERT’ing INTO MySql, I strip the tags from input since I don’t allow any html tags other than custom structured tags. (for example **bold text** === <strong>bold text</strong>) Then I insert the user input into MySql db.

My Approach while fetching from MySql & printing the output to the screen

I only apply htmlspecialchars() command to print out to the screen from MySql db

My Question

I am not sure of myself. Is there any obvious or hidden weakness in my approach? Thanks in advance for php gurus’ valuable comments. BR

UPDATE

I won't strip tags during insert into MySql db. For reasons, Please refer to comments of ÁlvaroG.Vicario below. BR.