I am using TinyMCE to allow users to edit the content of certain pages. The problem is that I have to store HTML tags, along with `class=""` attributes, etc.
How should I defend the application against SQL injection and still store the HTML tags? (The main problem is the `"` characters; they are messing up the MySQL query.)
In a nutshell, I don't know how to add the $_POST value (which is text) to the insert_to_content() function.
```php
$html = "";
$url  = "";
if (isset($_GET["page"])) {
    $url = safesql($_GET["page"]);   // safesql() is the author's own helper (not shown)
}

// The page name and, below, the page text are concatenated straight into the SQL string
$sqlSelectPageText = mysql_query('SELECT * FROM content WHERE name="' . $url . '" LIMIT 1');
$pageText = mysql_fetch_array($sqlSelectPageText); /**/ $sqlSelectPageText = "";

if (isset($_GET["edit"]) and isset($_POST["text"])) {
    insert_to_content($url, I_SHOULD_DO_SOMTHG_WAAA($_POST["text"]));
    header('Location: admin.php?page=' . $url);
}

$html .= '<div id="editor1div">';
$html .= '<form action="admin.php?page=' . $url . '&edit" method="post">';
$html .= ' <input class="formsSubmit" type="image" src="images/yep2.png" alt="Save" />';
$html .= '<p>Content:</p>';
$html .= ' <textarea id="editor1" name="text">';
$html .= ' ' . $pageText["text"]; /**/ $pageText = "";   // stored HTML is echoed back unescaped
$html .= ' </textarea>';
$html .= '</form>';
$html .= '</div>';
echo $html;

function insert_to_content($whatPage, $text) {
    // $text is dropped into the query as-is: any " inside the HTML terminates the string literal
    if (mysql_query('UPDATE content SET text="' . $text . '", lastdate=NOW() WHERE name="' . $whatPage . '"')) {
        return true;
    } else {
        return false;
    }
}

function I_SHOULD_DO_SOMTHG_WAAA($text) {
    // what should I do with it?
}
```
EDIT:
@CaNNaDaRk:
I am trying to use your work, but I have never used PDO (or OOP PHP).
So, is it possible that I don't have this function? 😀
"Class 'PDO' not found in..."
Use of prepared statements can prevent injection and help you with the " issue.
A little example based on your code:

```php
$db = new PDO("mysql:host=$sqlHost;dbname=$sqlDb", $sqlUser, $sqlPass);
$stmt = $db->prepare('UPDATE content SET text=:text, lastdate=NOW() WHERE name=:name');
$stmt->execute(array(':text' => $text, ':name' => $whatPage));
```

The execute method also returns a bool, so you don't have to change your code much.
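The following is an added example, not code from the question or from the answer above. It fills in the two placeholders from the question (insert_to_content() and the "what should I do with it" function) using PDO prepared statements as the answer suggests, and goes a little beyond it: it adds a mysqli variant for the case where the PDO extension is not installed, and escapes the stored HTML when it is put back into the textarea. It assumes the same $sqlHost/$sqlDb/$sqlUser/$sqlPass variables and the same content(name, text, lastdate) table as the question; the function names db_connect(), select_content() and insert_to_content_mysqli() are invented here.

```php
<?php
// Added example; assumes $sqlHost, $sqlDb, $sqlUser, $sqlPass and a table
// content(name, text, lastdate) as in the question.

function db_connect(string $host, string $db, string $user, string $pass): PDO
{
    // User and password are separate constructor arguments, not part of the DSN.
    // ERRMODE_EXCEPTION makes failures throw instead of silently returning false.
    $dsn = "mysql:host=$host;dbname=$db;charset=utf8mb4";
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
    ]);
}

// Replaces insert_to_content() and I_SHOULD_DO_SOMTHG_WAAA() from the question.
// No escaping function is needed: $text is sent as a bound parameter, so the
// quotes, backslashes and tags inside the TinyMCE HTML never reach the SQL
// parser and are stored byte-for-byte.
function insert_to_content(PDO $db, string $whatPage, string $text): bool
{
    $stmt = $db->prepare(
        'UPDATE content SET text = :text, lastdate = NOW() WHERE name = :name'
    );
    // execute() returns bool; with ERRMODE_EXCEPTION a failure throws instead
    return $stmt->execute([':text' => $text, ':name' => $whatPage]);
}

function select_content(PDO $db, string $whatPage): ?string
{
    $stmt = $db->prepare('SELECT text FROM content WHERE name = :name LIMIT 1');
    $stmt->execute([':name' => $whatPage]);
    $text = $stmt->fetchColumn();          // false when no row matched
    return $text === false ? null : $text;
}

// Same protection without the PDO extension ("Class 'PDO' not found"):
// mysqli prepared statements use positional ? markers and bind_param().
function insert_to_content_mysqli(mysqli $db, string $whatPage, string $text): bool
{
    $stmt = $db->prepare('UPDATE content SET text = ?, lastdate = NOW() WHERE name = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $text, $whatPage);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage, mirroring the admin page from the question
$db  = db_connect($sqlHost, $sqlDb, $sqlUser, $sqlPass);
$url = $_GET['page'] ?? '';

if (isset($_GET['edit'], $_POST['text'])) {
    insert_to_content($db, $url, $_POST['text']);   // raw TinyMCE output goes straight in
    header('Location: admin.php?page=' . urlencode($url));
    exit;
}

// When the stored HTML is put back inside the <textarea>, escape it so that a
// literal </textarea> in the content cannot close the element early. The
// browser decodes the entities, so TinyMCE still receives the original HTML.
$pageText = select_content($db, $url) ?? '';
echo '<textarea id="editor1" name="text">'
   . htmlspecialchars($pageText, ENT_QUOTES, 'UTF-8')
   . '</textarea>';
```

Both variants keep the query text constant and send the page name and the HTML separately, which is what makes the `"` characters harmless; the escaping at output time is a separate concern from the SQL one and only protects the form markup, not readers of the published page.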