my $comment = $cgi->param('comment') || ''; # or whatever

...

my $comment_html = $cgi->escapeHTML($comment);
print header();
print "<p>Comments: $comment_html\n";