my $q = CGI->new();
# stuff
$string = $q->escape($string);