I think your answer is about escaping not execution, e.g.:
Why does this text appear bold
versus:
<b>Why does this text appear bold</b>
The problem is escaping, but first, some notes:
The Problem With Calling it Execution
Executing is the wrong word to use, which is why your googling did not yield results. No PHP is being executed here. Instead, your browser is returning HTML markup, and the browser is displaying it. What you want is to display a code snippet without it showing as real HTML. So escaping/encoding is the problem, not execution, and people will get confused if you call it execution.
Execution implies that code runs, no code is running here.
esc_html and how functions work
You can’t just wrap a code block in esc_html( <code goes here>), that’s not how functions work. esc_html isn’t a magic modifier that wraps things like an if statement or a while loop, it isn’t a language construct, it’s a function.
Functions take something, do work on that something, then return it.
function func ( $in ) {
return 'output';
}
$in = 'input';
$out = func( $in );
echo $out; // output
esc_html is an escaping function. It takes unsafe input, escapes it, and returns it.
E.g.
echo esc_html( '<script>dangerous();</script>');
Outputs this in the HTML source:
<script>dangerous();</script>
Which will render in the browser as a readable string like this:
<script>dangerous();</script>
For Your Situation
$out="unescaped html code with no html entities";
echo esc_html( $out );
Additionally, you may want to look into other escaping functions for your other code as a security measure.