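// Handle the comment form: runs only when the form's submit field was posted.
// $conn, $userName and $threadID are expected to be set earlier in the page.
// NOTE(review): no CSRF token check is visible in this snippet; confirm the
// form is protected elsewhere.
if (isset($_POST['submit'])) {
    // Taking input from the user. A missing or non-string field (for example
    // an array-valued parameter) is treated as an empty comment instead of
    // raising a warning or being stored as the literal text "Array".
    $comment_content = $_POST['commentContent'] ?? '';
    if (!is_string($comment_content)) {
        $comment_content = '';
    }

    // Neutralise angle brackets so stored comments cannot open HTML tags.
    // The listing showed identical search and replacement strings, which is a
    // no-op; the replacements are presumably the HTML entities, decoded when
    // the page was rendered.
    // This covers only '<' and '>'. Quotes and '&' are untouched, so any page
    // that prints comment_content inside an attribute still needs
    // htmlspecialchars() with ENT_QUOTES at output time.
    $comment_content = str_replace(['<', '>'], ['&lt;', '&gt;'], $comment_content);

    // Send data to the database through a prepared statement. Building the
    // query by string interpolation let a quote in the comment text end the
    // SQL literal and change the statement (SQL injection).
    $sql = 'INSERT INTO comments (comment_content, comment_user, thread_id) VALUES (?, ?, ?)';
    $ifSuccess = false;
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt !== false) {
        // All three values are bound as strings, matching the quoted literals
        // of the original query. TODO confirm thread_id's column type and
        // bind it as 'i' if it is an integer.
        mysqli_stmt_bind_param($stmt, 'sss', $comment_content, $userName, $threadID);
        $ifSuccess = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    if ($ifSuccess) {
        echo 'successfully Saved to database';
    } else {
        // Keep database error details in the server log, not in the response.
        error_log('comment insert failed: ' . mysqli_error($conn));
    }
}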