At the moment when someone wants to edit their profile they have to use bb code for example for bold:

[b ] [/b ]

How do i allow users to use normal HTML but at the same time making sure it is 100% safe before inserting it into mysql?

There wont be a 100% secure solution.

so is it best just to stick with BB code?

you could create an array of safe tags so you could allow only those safe tags and remove all other tags from the profile

How would i do that? Wouldn't i have to split the string up into tags first before i checked against the array?
Like if my string was : "<b>hello</b><i>hi</i>"
how would i split it up into an array like :
Array
(
[0] => <b>
[1] => hello
[2] => </b>
[3] => <i>
[2] => hi
[3] => </i>
)

?