This code is vulnerable to xss , can you spot where it is and how to exploit it ?

$name    = trim( $_POST[ ‘name’ ] );

$name = preg_replace( ‘/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t(.*)>/i’, ”, $name );
$message = preg_replace( ‘/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t(.*)>/i’, ”, $message );

$message = SQLite3::escapeString( $message );
$name = SQLite3::escapeString( $name );

if (!empty($name) || !empty($message)) {
$db->query(“INSERT INTO guestform(name, message) VALUES (‘$name’,’$message’)”);
$db->close();
}
else {
header(“Location: /guestform.php”);
}
}

header(“Location: /guestform.php”);
exit;
?>