It's a bug? What should I do?

It's a bug. why ??? A specific statement $ str = '& lt; pre & gt; & lt; spanstyle = & quot; color: red & quot; & gt; 123 & lt;/span & gt; & lt;/pre & gt; '; when the database is inserted, it is a bug ???
A statement

$ Str ='

123

';

When I inserted the database, I printed it out and watched the source code,

What's strange is that

After the database is saved, the source code becomes

123

This is what is stored in the database. it's really a bad idea ....

Is it a bug ??

------ Solution --------------------
I printed the SQL statement.
-----------------------
Check the output in the source code of the browser.

No conversion?
------ Solution --------------------

Check whether the database data is normal.
Abnormal Check:
Echo $ SQL is not materialized before INSERT.

Normal:
It is the physical output.
------ Solution --------------------
Escape characters.

Use the addslashes function to insert data into the database. use the stripslashes function to restore the data to normal.
------ Solution --------------------
The TP database is automatically processed.
------ Solution --------------------
I agree that the upstairs is to prevent SQL injection attacks. The escape added last time is useless. But it seems that the "<" and "> "(.
) To "& \ lt", "& \ gt ". In this way, the code is correctly displayed and the code is not executed.
------ Solution --------------------
You used thinkphp and thinkphp to insert and convert tags.