Want to remove the "<" and ">" characters, not sure where (Need Expert)

[dailce]

Hello,

 

This may be a bit complicated but basically I need to strip any character like "<" and ">" from the filter_id and currencies. I think I have narrowed it down to the pull down menus, possibly the GET method. Where the GET method has a XSS security issue.

 

I want to ensure you turn the > and < into their HTML encoded equivalents before sending it back to the browser.

 

Ensure that parameters and user input are stripped of HTML tags before using.

 

I checked the Oscommerce code and I'm not sure how to implement this.

 

Any ideas how this can be accomplished?