- htmlentities: documentation (source)
- html_entity_decode: documentation (source)
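<?php
// Demonstrates output encoding for untrusted text (for example a comment box)
// that is placed into an HTML page, and the reverse transformation.

// Flags and charset are passed explicitly instead of relying on defaults:
// before PHP 8.1 the default flag was ENT_COMPAT, which leaves single quotes
// unencoded, and the charset default follows the default_charset ini setting.
// ENT_SUBSTITUTE replaces invalid byte sequences rather than returning an
// empty string.
$flags = ENT_QUOTES | ENT_SUBSTITUTE;
$charset = 'UTF-8';

$encoded = htmlentities(
    "Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!",
    $flags,
    $charset
);

// The decode step only simulates, on a plain-text console, what a browser
// shows when it renders the encoded text. $decoded holds the raw <script>
// markup again, so it must never be written into an HTML response; in a real
// page only $encoded is echoed and the browser does the decoding for display.
$decoded = html_entity_decode($encoded, $flags, $charset);

echo "This is how you want the text to be encoded from the comment box, when it's included as a part of html source code. \n";
echo $encoded;
echo "\n\nThis is what it will look like on screen to the user.\n";
echo $decoded;
?>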