While this does not prevent HTML from coming into the database,
this solution does prevent bad HTML from being output to the view
page.
Replace
<code>
$item_content = $row['item_content'];
</code>
with
<code>
$content = $row['item_content'];
$item_content = strip_tags($content, '<p><br><br/><img>');
</code>
Any tags you put inside the single quotes will be allowed to pass
through. If you do not want any html to pass through use
<code>
$content = $row['item_content'];
$item_content = strip_tags($content);
</code>
Hope this helps