If you have a small website that uses PHP and accepts only plain text from users or visitors, you need to filter each request to make sure nobody submits HTML to attack your site. I put the following two lines at the top of my PHP file. Of course, you can add a third line for cookies.
// Strip HTML tags from every string value in the request; the is_string() guard skips array parameters such as ?ids[]=1, which strip_tags() cannot take
foreach ($_GET as $k => $v) if (is_string($v)) $_GET[$k] = strip_tags($v);
foreach ($_POST as $k => $v) if (is_string($v)) $_POST[$k] = strip_tags($v);
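As an added example (not the original post's code), here is a recursive version of the same filter that also covers nested array parameters and the cookie line mentioned above, paired with the output encoding that strip_tags() does not replace; the `$_GET['name']` value is a constructed sample.

```php
<?php
// Recursive strip_tags() filter for GET, POST and COOKIE (added example).
function strip_tags_deep($value)
{
    if (is_array($value)) {
        // Parameters like ?ids[]=1&ids[]=2 arrive as arrays; the one-line
        // loops above would hand an array to strip_tags(), which fails.
        return array_map('strip_tags_deep', $value);
    }
    // Leave non-string values (null, ints from a previous filter) untouched.
    return is_string($value) ? strip_tags($value) : $value;
}

$_GET    = strip_tags_deep($_GET);
$_POST   = strip_tags_deep($_POST);
$_COOKIE = strip_tags_deep($_COOKIE);   // the "third line" for cookies

// strip_tags() only removes tags; characters such as &, " and ' survive,
// so values must still be encoded when written into HTML.
$_GET['name'] = 'Tom <b>&</b> "Jerry"';   // constructed sample input
$_GET = strip_tags_deep($_GET);
echo htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
```

Keep the filter at the top of the script as the author does, but treat it as a first pass: htmlspecialchars() at output time is what actually prevents a stored value from being interpreted as markup.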