Ensure your connection to the database is UTF8 with SET NAMES 'utf8';
Send a header to declare your page is UTF8: header('Content-Type: text/html; charset=utf-8'); This also ensures POST content is sent to you in UTF8. The browser will help convert for you.
Use htmlspecialchars() to make user-submitted or untrusted text safe to display in HTML or XML. It will do the bare minimum and nothing more: htmlspecialchars($utf8_string, ENT_COMPAT, 'UTF-8');
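
What the escaping call above does and does not cover, as an added example that is not part of the original page. The helper names e_html() and e_attr() are hypothetical, the sample strings are constructed, and ENT_QUOTES and ENT_SUBSTITUTE are standard PHP flags that the page itself does not use.

```php
<?php
declare(strict_types=1);

// Declare the page encoding before any output, as the page advises.
if (!headers_sent()) {
    header('Content-Type: text/html; charset=utf-8');
}

// The page's call: escapes & < > and double quotes.
// Single quotes pass through unchanged with ENT_COMPAT.
function e_html(string $s): string
{
    return htmlspecialchars($s, ENT_COMPAT, 'UTF-8');
}

// Variant for attribute values (hypothetical helper):
// ENT_QUOTES also escapes single quotes, and ENT_SUBSTITUTE replaces
// invalid UTF-8 bytes with U+FFFD instead of returning an empty string.
function e_attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'markup'        => '<b>bold</b> & "quoted"',
    'single quote'  => "O'Reilly",
    'invalid utf-8' => "caf\xE9 au lait",      // lone Latin-1 byte
    'valid utf-8'   => "caf\u{00E9} au lait",  // properly encoded e-acute
];

foreach ($samples as $label => $raw) {
    printf("%-14s e_html: %s\n", $label, var_export(e_html($raw), true));
    printf("%-14s e_attr: %s\n", $label, var_export(e_attr($raw), true));
}

// A silently empty result from e_html() on non-empty input means the
// input was not valid UTF-8; surface that instead of rendering nothing.
function is_lossy(string $raw): bool
{
    return $raw !== '' && e_html($raw) === '';
}

var_dump(is_lossy($samples['invalid utf-8'])); // invalid bytes detected
var_dump(is_lossy($samples['valid utf-8']));
```

Run it with the PHP CLI (PHP 7 or later) to compare the two helpers on each input.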