For security reason and to avoid cross site scripting and injection, escape user inputs in phttp://stackoverflow.com/questions/1005264/escape-text-for-html
Bruce Ng's software development blog
An archive of solutions of programming problems I have faced in my career