Try htmlspecialchars($string);
That will encode all the HTML tags to character codes (<div> would become <div>, which will be displayed without being parsed as html) This way, script tags cannot be created as well.
Be sure to clean the content before supplying it to a database though, for example by escaping with mysqli_escape_string() (others will probably advice you to use prepare statements).
It is most likely not best practice to put HTML character encoded strings into the database, as it simply increases the string size unnecessarily. (And it doesn't provide protection against SQL injection on its own)