I've been working on a system which doesn't allow HTML formatting. The method I currently use is to escape HTML entities before they get inserted into the database. I've been told that I should insert the raw text into the database, and escape HTML entities on output.
Other similar questions here I've seen look like for cases where HTML can still be used for formatting, so I'm asking for a case where HTML wouldn't be used at all.
You will also restrict yourself when performing the escaping before inserting into your database. Let's assume you decide to not use HTML as output, but JSON, plaintext, etc. If you have stored escaped HTML in your database, you would first have to 'unescape' the value stored in the database, just to re-escape it again into a different format.
Also see this perfect OWASP article on XSS prevention