1) HTML has nothing to do with SQL injection. You don't need to add it to prevent injection... maybe cross-site scripting, but that can be handled on the display side or the database side with equal results.
2) WebAssist does not offer a solution for writing a file. This is relatively easy to do in php with a little scripting.