Ok, so I changed the method, and used htmls***********_d*c*** with ENT_QUOTES. What else do I need? Sorry if I sound rude but this one's getting on my nerves
That's not the right function to use. Think about what the function you're talking about would do. Think about what type of attack you're trying to prevent. Are the answers to those questions the same, or are they mutually exclusive?
As has already been said multiple times - there are several perfectly valid ways to prevent exploitation of the presented vuln. And the code should really allow any of the various alternatives... But currently, it does not. Which can be helpful on the one hand, because it forces you to think about all the different ways you can accomplish the task. Unless, of course, your first guess is the right one.