diff --git a/comments.php b/comments.php
index 1f2c573..b39a00b 100644
--- a/comments.php
+++ b/comments.php
@@ -97,8 +97,8 @@
 $name = $user['userid'];
 } else {
- $name = trim(stripslashes(@$_POST['name']));
- $email = isset($_POST['email'])? trim($_POST['email']) : null;
+ $name = trim(htmlspecialchars(@$_POST['name']));
+ $email = isset($_POST['email'])? trim(htmlspecialchars($_POST['email'])) : null;
 $url = isset($_POST['url'])? trim(stripslashes(htmlspecialchars($_POST['url']))) : null;
 /*
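Review bot: Applying `htmlspecialchars` to `$_POST['name']` and `$_POST['email']` on the two added lines escapes at input time, which is the wrong layer: the stored value no longer matches what the user typed (an apostrophe in a name or the local part of an address becomes `&#039;` on PHP 8.1+), any template that already escapes on output will double-encode it, and the HTML escaping gives no protection if these values are later interpolated into SQL, which I cannot see from this hunk. The usual fix is to keep the input raw and validated here and escape per context where it is rendered, e.g. `$name = trim((string) ($_POST['name'] ?? ''));` and `$email = isset($_POST['email']) ? trim((string) $_POST['email']) : null;`, then run the address through `filter_var($email, FILTER_VALIDATE_EMAIL)` and reject it when that returns false. Dropping the `@` also avoids passing `null` to `htmlspecialchars`/`trim`, which is deprecated since 8.1. The enclosing `else` block continues past the end of the hunk, so the validation failure path would need to be handled there.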