PHP & mySQL: When exactly to use htmlentities?

Backend · unresolved · 4 answers · 1169 views
遥遥无期 2020-12-04 20:14

PLATFORM: PHP & mySQL

For my experimentation purposes, I have tried out few of the XSS injections myself on my own website. Consider this situat

4 answers
  •  醉梦人生
    2020-12-04 21:02

    1. Only before you are printing a value (no matter whether it comes from the DB or from $_GET/$_POST) into HTML. htmlentities has nothing to do with the database.
    2. B is overkill. You should mysql_real_escape_string before inserting into the DB, and htmlentities before printing to HTML. You don't need to strip tags; after htmlentities, tags will be displayed on screen as <br/> etc.

    Theoretically you may do htmlentities before inserting into the DB, but this might make further data processing harder if you later need the original text.

    3. See above
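The rule in the answer above (store the raw text, escape only at output), as an added example that is not part of the original thread. It uses PDO with an in-memory SQLite database so it runs offline; swap the DSN for a `mysql:` one to run against MySQL. Parameterised queries stand in for mysql_real_escape_string, since the mysql_* extension was removed in PHP 7. The table name, column name and sample comments are constructed for the example.

```php
<?php
// Added example, not from the original post: raw input is stored unchanged
// through a parameterised query, and htmlentities is applied only when the
// value is rendered into HTML.
declare(strict_types=1);

function storeComment(PDO $db, string $text): void {
    // Binding the value as a parameter keeps it as data; nothing is escaped
    // by hand and nothing is stripped, so the original text survives.
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
}

function fetchComments(PDO $db): array {
    return $db->query('SELECT body FROM comments ORDER BY rowid')
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Output-time escaping: the one place htmlentities belongs. ENT_QUOTES also
// escapes single and double quotes, so the result is safe inside attributes.
function renderComment(string $raw): string {
    return '<li>' . htmlentities($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
}

// In-memory SQLite stands in for MySQL (assumption for an offline run).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (body TEXT NOT NULL)');

// Constructed sample inputs: an XSS probe, markup a user might legitimately
// type, and a string that would break naive SQL quoting.
$inputs = [
    '<script>alert(document.cookie)</script>',
    'I <b>really</b> like it',
    "O'Reilly & Sons",
];
foreach ($inputs as $in) {
    storeComment($db, $in);
}

// Round trip: the database hands back exactly what was submitted.
$stored = fetchComments($db);
if ($stored !== $inputs) {
    throw new RuntimeException('stored text was altered');
}

// At output time the script tag becomes visible text, not executable markup.
$expected = '<li>&lt;script&gt;alert(document.cookie)&lt;/script&gt;</li>';
if (renderComment($stored[0]) !== $expected) {
    throw new RuntimeException('escaping failed');
}

echo "<ul>\n";
foreach ($stored as $raw) {
    echo renderComment($raw), "\n";
}
echo "</ul>\n";
```

The second input shows why strip_tags is unnecessary: the `<b>` tags are rendered as literal text, which is what the answer means by tags being "displayed on screen". One caveat the answer does not cover: htmlentities is only correct for text placed in an HTML body or a quoted attribute; a value written into a JavaScript string, a URL or a CSS rule needs the encoder for that context instead.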
    
