I use a system on creating and then querying the data from the db into a table. The problem is that if I write, for example, <h1>test</h1>, the table executes it as HTML code.
How can I stop it from executing the code, just querying as simple text?
You need to sanitize the input on the server before using it. This is also important to prevent SQL injection attacks.
How you do this depends on which server-side language you're using.
For PHP,
See: http://php.net/manual/en/function.strip-tags.php
See: http://www.bitrepository.com/sanitize-data-to-prevent-sql-injection-attacks.html
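
An added example, not part of the original answer: storing the value with a prepared statement and encoding it with htmlspecialchars() when the table is rendered makes <h1>test</h1> appear as literal text, shown here next to the strip_tags() approach from the first link. The comments table, its body column, the helper names and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Added example: table, column and function names are hypothetical; an
// in-memory SQLite database stands in for the real one so this runs offline.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input, including the value from the question.
$samples = ['<h1>test</h1>', "O'Brien <script>alert(1)</script>", 'x<y and y>z'];

// Store: a prepared statement keeps the value out of the SQL text, which is
// what prevents SQL injection. The raw text is stored unchanged.
$insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
foreach ($samples as $body) {
    $insert->execute([':body' => $body]);
}

// Display as plain text: encode HTML metacharacters at output time, so the
// browser renders "<h1>" as characters instead of parsing it as a tag.
function as_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Approach from the linked manual page: strip_tags() removes the markup
// instead of showing it, and can also remove text that only looks like a tag.
// The result is still encoded before it is written into the page.
function without_tags(string $value): string
{
    return as_text(strip_tags($value));
}

echo "<table>\n<tr><th>Shown as text</th><th>Tags stripped</th></tr>\n";
foreach ($db->query('SELECT body FROM comments ORDER BY id') as $row) {
    printf(
        "<tr><td>%s</td><td>%s</td></tr>\n",
        as_text($row['body']),
        without_tags($row['body'])
    );
}
echo "</table>\n";
```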