When writing web-based applications in whatever your favourite programming language is, for example Perl, C or PHP, it is always a good idea to check user input from web forms with a function that escapes all special characters, for example "addslashes" in PHP. It is also a good idea to "trim" all the white space from the beginning of the input. PHP also has the function "strip_tags", which does a limited removal of HTML and PHP tags from a string held in a variable.

Now you are asking: "Why?" Let me explain. Without checking user input, it is possible for the user to enter malicious code that breaks the system. For example, this hole could be used to break the database, causing loss of data or possibly corrupting the whole database. It is also possible to enter code that harms the operating system running these services, or even gets at the root password, which of course is a very bad thing.
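As an added example that is not part of the original post, the following PHP script runs a few constructed form values through the three functions named above, then looks them up in an in-memory database with a bound query parameter so the value is treated as data rather than as part of the query text; it assumes PHP 8 with the pdo_sqlite extension available.

```php
<?php
// Added example, not from the original post. Assumes PHP 8 with pdo_sqlite
// so it runs offline against an in-memory database.

/** Normalise one form field as the post suggests: trim, strip tags, escape. */
function clean_field(string $raw): array {
    $trimmed  = trim($raw);             // drop surrounding white space
    $stripped = strip_tags($trimmed);   // limited removal of HTML/PHP tags
    return [
        'stripped' => $stripped,
        'escaped'  => addslashes($stripped), // backslash-escape ' " \ and NUL
    ];
}

// Constructed inputs that mimic what a web form might submit.
$samples = ["  O'Brien  ", "<b>bob</b>", "x' OR '1'='1"];

foreach ($samples as $raw) {
    $r = clean_field($raw);
    printf("%-22s -> stripped=%-14s escaped=%s\n",
        var_export($raw, true), $r['stripped'], $r['escaped']);
}

// Escaping is only half of the story: when the value reaches SQL, bind it as
// a parameter instead of pasting the escaped string into the query text.
$pdo = new PDO('sqlite::memory:');
$pdo->exec("CREATE TABLE users (id INTEGER, name TEXT)");
$pdo->exec("INSERT INTO users VALUES (1, 'O''Brien'), (2, 'bob')");

/** Look a user up by name; the driver quotes the bound value itself. */
function find_user(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT id FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach ($samples as $raw) {
    // Pass the stripped (not addslashes-escaped) value: a bound parameter
    // must hold the literal text, since no string literal is being built.
    $ids = find_user($pdo, clean_field($raw)['stripped']);
    printf("lookup %-22s -> ids=%s\n", var_export($raw, true), json_encode($ids));
}
```

The tampered third value matches no row because the whole string is compared as a name, which is the behaviour the escaping in the post is meant to preserve.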