Sanitize user input from form data (input text)

I am currently running CI3 and would like some help on how I can sanitize user input to prevent 
1. XSS
2. Input such as <script>alert(some malicious code)</script>
3. HTML Injection 
I am using a combination of $this->db->escape_str/$this->db->esscape (Sticks quotes around the input) to save user input and htmlentities when displaying it.
I am able to input <script>alert(some malicious code)</script> and it is not caught or cleaned up by the functions above.

I will appreciate any help.
Hirsi