Hi guys

I'm creating a comment system, where users could post their comments about particular titles.

I'll collecting:
  • Name
  • Email
  • Comment
  • IP address (via $_SERVER['REMOTE_ADDR'])

I'll be storing this comments in the database and will be displaying later.

What I wanna do:
  • remove any sql injection possibilies (presently, I'm not using PDO or mySQLi)
  • remove any possible HTML code or any scripts being entered by the user
  • display only plain-text


I have tried gathering some info from Google.
strip_tags()
PHP Filter Functions
htmlentities

But I'm a bit confused as some people used depreciated functions.

If you are supposed to create something like this, what all things will you use/include ?

Thanks