<?php
 $inputString = mysql_escape_string(htmlentities($inputString));
?>