$name = html_special_chars(mysql_real_escape_string($name));

$text = html_special_chars(mysql_real_escape_string($text));