Hm. I coulndt (wouldnt) use encode_entities($_) after all.. because then its not possible to post emojis in the forms... they will just show as weird letters. So I went back to using my $navn = encode_entities($navn, '<>&"'); which at least prevents html-code to mess up the html.