09-06-2008, 08:54 PM
Moderator
Run the HTML string through mysql_real_escape_string() to prevent the HTML causing problems with the SQL query syntax (and for a basic, much needed security boost) if you're not already.
Do not transform the data (i.e. using htmlspecialchars, etc.) where it's not necessary. That's a basic rule of thumb and an important one to learn.
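The advice in the post above, as an added example that is not part of the original post: handle the SQL boundary when storing, and apply `htmlspecialchars()` only when printing. It assumes PDO bound parameters on an in-memory SQLite database in place of `mysql_real_escape_string()` (the old mysql extension was removed in PHP 7); the table name, function names and HTML string are constructed for illustration.

```php
<?php
// Added example: hypothetical table and helper names, constructed input.
// SQLite in memory is an assumption so the script runs offline; the same
// prepare/execute calls apply to a MySQL PDO connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE snippets (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed HTML with both quote types, which would break a query built
// by plain string concatenation.
$html = '<p class="note">It\'s <b>bold</b> & "quoted"</p>';

function store_snippet(PDO $pdo, string $body): int
{
    // The value is bound, so it never becomes part of the SQL text and
    // is stored byte for byte.
    $stmt = $pdo->prepare('INSERT INTO snippets (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function load_snippet(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM snippets WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Row A: stored as-is, only the SQL boundary is handled.
$rawId = store_snippet($pdo, $html);
// Row B: transformed before storage, which the post advises against.
$encId = store_snippet($pdo, htmlspecialchars($html, ENT_QUOTES, 'UTF-8'));

$raw = load_snippet($pdo, $rawId);
$enc = load_snippet($pdo, $encId);

// Row A round-trips unchanged; row B no longer matches the original markup.
var_dump($raw === $html);
var_dump($enc === $html);

// Encoding at output time, for a context where the markup should be shown
// as text. Row A is encoded once; row B ends up encoded a second time.
echo htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars($enc, ENT_QUOTES, 'UTF-8'), "\n";
```

Row A can still be rendered as HTML or encoded for any other output context later, while row B has lost that option because the stored value is no longer the original data.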