The data the server receives from the browsers first of all needs to be validated according to the specific action requirements. When using MVC (which you should) the controller receives the submitted data and then it updates or queries the model (which is, in its very simplistic form, the database). In order to perform that action the controller must ensure that the data it sends further is valid. That's when the validation kicks in (how it's performed depends on what framework or utilities you're using). In this stage we talk about validating the format of the data received. If it's not the desired format, then a view containing the errors should be returned.
Once the data is validated, it can be sent to the model for processing. When it gets to the database, the data access layer (DAL)/the data access object (DAO) must ensure that everything it sends to the database is sanitized, i.e. the values sent are in the proper form to be used in that database.
In my opinion, strip_tags is a hack that shouldn't be used for validation or sanitization. If you don't want the data to contain HTML tags, return an error saying so to the user. mysql_real_escape_string does the sanitization of the data; however, I strongly suggest that you learn about PDO and use only that. As you are a novice in PHP, be aware that there's a LOT of bad coding or outdated tutorials on the web which will 'teach' you how to be a poor developer. Learn the 'right' PHP from the start, it is MUCH easier now than later.
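
The two stages described in this answer, as an added example that is not part of the original post: the controller step validates the format and returns errors (HTML tags are reported, not stripped), and the DAO step passes values to the database only through a PDO prepared statement. The function and class names, the `comments` table and the sample submissions are constructed for illustration; it assumes PHP 8 with the pdo_sqlite and mbstring extensions.

```php
<?php
declare(strict_types=1);

// Controller step: check the format and collect errors; the input is never silently altered.
function validateComment(array $input): array
{
    $errors = [];
    $email = trim((string)($input['email'] ?? ''));
    $body  = trim((string)($input['body'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid e-mail address.';
    }
    if ($body === '' || mb_strlen($body) > 500) {
        $errors['body'] = 'The comment must be between 1 and 500 characters.';
    } elseif (preg_match('/<[^>]*>/', $body) === 1) {
        // Reject markup with a message instead of calling strip_tags() on it.
        $errors['body'] = 'HTML tags are not allowed in comments.';
    }
    return $errors;
}

// DAO step: values reach the database only as bound parameters, never concatenated into SQL.
final class CommentDao
{
    public function __construct(private PDO $pdo) {}

    public function insert(string $email, string $body): int
    {
        $stmt = $this->pdo->prepare('INSERT INTO comments (email, body) VALUES (:email, :body)');
        $stmt->execute([':email' => $email, ':body' => $body]);
        return (int)$this->pdo->lastInsertId();
    }
}

// Constructed demo: an in-memory SQLite database and three sample form submissions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, email TEXT NOT NULL, body TEXT NOT NULL)');
$dao = new CommentDao($pdo);
$submissions = [
    ['email' => 'alice@example.com', 'body' => "It's a comment with 'quotes'; -- still just data"],
    ['email' => 'bob@example.com',   'body' => '<b>hello</b>'],
    ['email' => 'not-an-email',      'body' => 'hi'],
];
foreach ($submissions as $input) {
    $errors = validateComment($input);
    if ($errors) { echo 'rejected: ', implode(' ', $errors), "\n"; continue; }
    echo 'stored row ', $dao->insert(trim($input['email']), trim($input['body'])), "\n";
}
```

Only the first submission is stored, quotes included, because the bound parameter is treated as data; the other two come back with the error messages a view would display.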