in reply to Re: Handling HTML special characters correctly
in thread Handling HTML special characters correctly

As I did yesterday, using it to convert C code to safe HTML text.

As a general principle, always HTML-escape any data received from a form before displaying it again.

If any data is to go on to a database or be used to access data in a database then that really must be SQL escaped to limit/prevent SQL injection attacks.

These two procedures are not language specific.

Always use the taint flag in perl CGI scripts, i.e.

#!/usr/bin/perl -T

or

#!/usr/bin/perl -wT

to also have warnings on.

The way to untaint form data is to use regexps. This verifies the data is in the range expected.
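The points above put together in one runnable Perl CGI script, as an added example that is not part of the original post: it runs under -T, untaints a single form field with a regexp, HTML-escapes whatever it echoes back, and hands the untainted value to the database through a DBI placeholder so the driver does the quoting. The field name "username", the helper names (html_escape, parse_query, untaint_username), the sample query string under __DATA__ and the use of DBD::SQLite are all assumptions made for this example.

```perl
#!/usr/bin/perl -wT
# Added example (not from the original post): taint mode, regexp untainting,
# HTML escaping on output and a DBI placeholder for the database step.
# Assumptions: the form field is called "username"; DBD::SQLite is optional.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# %ENV is tainted under -T; fix PATH and drop the variables perl would
# otherwise refuse to run external commands with (see perlsec).
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Escape the five characters that matter inside HTML text and attributes.
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Parse an application/x-www-form-urlencoded query string into a hash.
sub parse_query {
    my ($q) = @_;
    my %p;
    for my $pair (split /[&;]/, $q) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $v = '' unless defined $v;
        for ($k, $v) {
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr hex $1/eg;
        }
        $p{$k} = $v;
    }
    return \%p;
}

# Untaint by validation: only a regexp capture is untainted, so state the
# accepted alphabet and length and reject anything else (do not "clean" it).
sub untaint_username {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /\A([A-Za-z0-9_.-]{1,32})\z/;
    return;
}

my $query = $ENV{QUERY_STRING};
if (!defined $query || $query eq '') {
    # Constructed sample input for running the script by hand. A read from
    # the DATA handle is file input, so perl marks it tainted just as it
    # would a real query string.
    chomp($query = <DATA>);
}

my $params = parse_query($query);
my $raw    = $params->{username};
my $name   = untaint_username($raw);

print "Content-Type: text/html\r\n\r\n";
print "<html><body>\n";

if (!defined $name) {
    # Echoing the rejected value back is safe only because it is escaped.
    printf "<p>Rejected username: %s</p>\n", html_escape($raw // '');
} else {
    printf "<p>Welcome, %s (tainted: %s)</p>\n",
        html_escape($name), tainted($name) ? 'yes' : 'no';

    # Database step: the placeholder hands quoting to the driver, which is
    # the SQL escaping the post describes, done for you. DBD::SQLite is an
    # assumption; this part is skipped when it is not installed.
    if (eval { require DBI; require DBD::SQLite; 1 }) {
        my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                               { RaiseError => 1, AutoCommit => 1 });
        $dbh->do('CREATE TABLE visits (name TEXT NOT NULL, n INTEGER NOT NULL)');
        my $ins = $dbh->prepare('INSERT INTO visits (name, n) VALUES (?, ?)');
        $ins->execute($name, 1);
        my ($n) = $dbh->selectrow_array(
            'SELECT n FROM visits WHERE name = ?', undef, $name);
        printf "<p>Visits recorded: %d</p>\n", $n;
        $dbh->disconnect;
    }
}
print "</body></html>\n";

__DATA__
username=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
```

Run it as `perl -T script.pl` (perl refuses a script that only turns -T on in its shebang line when started without -T) or as `QUERY_STRING='username=alice' perl -T script.pl`. With the built-in sample the username is rejected because `<` is outside the allowed alphabet, and the echoed value comes out as `&lt;script&gt;alert(1)&lt;/script&gt;`; with `alice` the regexp capture is untainted, `tainted($name)` reports no, and the row is inserted through the placeholder. If you must build SQL text yourself, `$dbh->quote($value)` is the DBI escaping routine, but placeholders are the form that needs no per-value care.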