I have a problem. In my database I allow users to submit post titles through an input containing html entities and plaintext. As per what I have read, I use mysqli_real_escape_string to escape their post before adding it to the database, and then use htmlentities when the html is being output onto a page. However if the user posts something like
<div>( ͡° ͜ʖ ͡°)</div>
it gets mysqli escaped and stored in the database as
"<div>( ͡° ͜ʖ ͡°)</div>"
if I then use htmlentities on this string when outputting, it will return nothing. This must be something to do with the html entities already in the string, because if I test
<div>plaintext</div>
it works fine. How can I escape the html entities such as < and > within a string already containing encoded entities?
