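<?php
/*
 * Demo: the same string printed raw and printed HTML-escaped.
 *
 * $bad stands in for untrusted input that contains markup. Echoed as-is,
 * the browser parses it as a script element and executes it (reflected XSS).
 * Passed through htmlspecialchars() first, it is rendered as inert text.
 *
 * Each statement is on its own line: a "//" comment runs to the end of the
 * line, so on a single collapsed line it would swallow both print statements.
 */

// Stand-in for attacker-controlled input.
$bad = '<script>alert("boo!")</script>';

// Encodes < > & " ' as entities. ENT_QUOTES covers both quote styles so the
// result is also safe inside a quoted attribute value; ENT_SUBSTITUTE swaps
// invalid byte sequences for U+FFFD instead of returning an empty string; the
// explicit charset keeps the result independent of the default_charset ini
// setting.
// This escaping fits HTML text and quoted attributes only. It is not enough
// inside a script block, an unquoted attribute, or a URL attribute such as
// href, each of which needs its own context-specific encoding.
$ok = htmlspecialchars($bad, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Deliberately unescaped sink: this is the flaw the demo illustrates. The
// markup reaches the page verbatim and the browser runs it.
print "Alert...$bad";

// Escaped output: the same characters are shown as literal text.
print $ok;
?>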