print my $cgi->escapeHTML( $tags); # should be $query not $cgi
print $query->escapeHTML( $tags );