When you output values that come from user input or from the database, make sure to use the following code to avoid XSS and other attacks.

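Any time you output something, pass it through o() and echo the result, since o() returns the escaped string rather than printing it: echo o("whatever it is");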
{codecitation}
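    // Encode HTML special characters (including both quote styles) before output.
    function o($data) {
        // Pass the charset explicitly; the default differs between PHP versions.
        // 'UTF-8' assumes the page itself is served as UTF-8.
        $data = htmlentities(trim($data), ENT_QUOTES, 'UTF-8');
        return $data;
    }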
{/codecitation}
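The following is an added example, not the original author's code. It shows where o() is sufficient (HTML text and quoted attribute values) and the two output contexts where entity-encoding alone is not: URL attributes and inline script. The helpers o_url() and o_js() are hypothetical names, the inputs are constructed samples, and the page is assumed to be UTF-8.

```php
<?php
// The page's helper: correct for HTML text nodes and *quoted* attribute values.
function o($data) {
    return htmlentities(trim((string) $data), ENT_QUOTES, 'UTF-8');
}

// href/src values (hypothetical helper). Entity-encoding leaves a
// "javascript:" URL intact, so check the URL shape before encoding it.
function o_url($url) {
    $url = trim((string) $url);
    // Browsers ignore tabs and newlines inside a URL scheme, so reject
    // control characters and spaces instead of trying to normalise them.
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return '#';
    }
    // Allow absolute http(s) URLs and site-local paths ("/x", not "//x").
    if (!preg_match('~^(?:https?://|/(?!/))~i', $url)) {
        return '#';
    }
    return o($url);
}

// Values placed inside a <script> block (hypothetical helper). HTML entities
// are not decoded there, so emit a JSON literal with <, >, &, ' and "
// written as \uXXXX escapes; "</script>" can then never appear in the output.
function o_js($data) {
    return json_encode(
        $data,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

// Constructed sample inputs standing in for user or database data.
$name = '"><script>alert(1)</script>';
$link = 'javascript:alert(1)';
?>
<p>Hello, <?php echo o($name); ?></p>
<input type="text" name="n" value="<?php echo o($name); ?>">
<a href="<?php echo o_url($link); ?>">profile</a>
<script>var userName = <?php echo o_js($name); ?>;</script>
```

In the rendered page the name appears as inert text in the paragraph and the input, the link falls back to `#`, and `userName` holds the original string as data. Attribute values must stay inside quotes for o() to protect them.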