use CGI;
# stuff
$string= CGI::escape($string);