Protecting Your Cookies: HttpOnly

@omalley

Also, most users want to use angle brackets in their normal sense, so a dead simple catch-anything is just to encode all angle brackets and ampersands and store it that way.

If you're also creating your final HTML files when you store it, then OK. Otherwise you're doing this the wrong way around. Read my comments above, as well as others'.

You want to escape for HTML only when the data is being put into an HTML document.

Similarly, you want to escape for SQL when the data is being put into an SQL query.

In normal circumstances, you don’t STORE the escaped data.
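To illustrate the point made in this comment (store the raw data, escape for each context at the moment the data enters that context), here is an added example that is not part of the original post or of this comment. It uses only the Python standard library: `sqlite3` with parameter binding in place of hand-rolled SQL escaping (the modern equivalent of "escape for SQL when the data goes into a query"), and `html.escape` at render time. The table name, function names and the sample comment are constructed for the example.

```python
import html
import sqlite3

# Constructed sample input: a user comment that legitimately uses angle brackets
# and an ampersand, plus a quote character and a script tag a naive renderer
# would pass straight through.
SAMPLE_COMMENT = "Use <b> for bold & don't forget <i>not</i> <script>alert(1)</script>"


def open_db():
    # Hypothetical schema for the example; in-memory so it runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)")
    return conn


def store_comment(conn, text):
    """SQL context: the value is bound as a parameter, so the database driver
    handles quoting. No HTML escaping happens here; the raw text is stored."""
    conn.execute("INSERT INTO comments (body) VALUES (?)", (text,))
    conn.commit()


def load_comments(conn):
    """Returns the stored bodies exactly as they were written to the table."""
    return [row[0] for row in conn.execute("SELECT body FROM comments ORDER BY id")]


def render_comment_html(text):
    """HTML context: escape at the moment the data is placed into the document.
    quote=True also encodes ' and " so the same helper is safe inside attributes."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


def demo_escape_at_output():
    """The right way around: raw in the database, escaped once when rendered."""
    conn = open_db()
    store_comment(conn, SAMPLE_COMMENT)
    stored = load_comments(conn)[0]
    return stored, render_comment_html(stored)


def demo_store_escaped():
    """The wrong way around: HTML-escaping before storage and again on output
    double-encodes (&lt; becomes &amp;lt;), and the stored copy is useless for
    any non-HTML consumer such as a JSON API or a plain-text email."""
    conn = open_db()
    store_comment(conn, html.escape(SAMPLE_COMMENT, quote=True))
    stored = load_comments(conn)[0]
    return stored, render_comment_html(stored)


if __name__ == "__main__":
    raw, good_html = demo_escape_at_output()
    print("stored raw  :", raw)
    print("rendered    :", good_html)
    pre_escaped, bad_html = demo_store_escaped()
    print("stored esc. :", pre_escaped)
    print("double-enc. :", bad_html)
```

Running it shows the stored row is byte-for-byte what the user typed, the rendered output neutralises the `<script>` tag as `&lt;script&gt;`, and the pre-escaped variant comes back from the same renderer as `&amp;lt;script&amp;gt;`, which the browser displays as literal `&lt;script&gt;` text.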