You must encode input sent to the server, because otherwise the anti Cross Site Scripting protection on the server will block the entire request. However, you decode this input before saving to the DB.
In other, what you see in the POST isn’t necessarily what is saved to the database.
8
solved Should I save in db – user input as html encode?