alert("boo!")'; $ok = htmlspecialchars($bad,ENT_QUOTES); // < > & " ' print "Alert...$bad"; print $ok; ?>]]>