Does mysql_real_escape_string() escape HTML character entities? I want people on my comment board to be able to post quotes in their comments, but they get escaped as raw ascii, so I run them through htmlentities() first, but it doesn't help. I only get it to work when I remove mysql_real_escape_string(), like this:
nl2br(strip_tags(/*mysql_real_escape_string(*/htmlentities($_POST["comment"],ENT_QUOTES)))/*)*/
. Is this expected?