diff --git a/twits.php b/twits.php
index ec31f8dcf41ce76e39a06c2dedd7206692d7288d..051677358414c40bdbcebe4676070e94746a8704 100644
--- a/twits.php
+++ b/twits.php
@@ -24,14 +24,14 @@ $post_url_image = null;
 
 
 if (isset($_POST['post_title'])) {
-    $post_title = $_POST['post_title'];
+    $post_title = htmlspecialchars($_POST['post_title']);
 }
 if ($post_title == null) {
     $errors = 'post title must be present';
 }
 
 if (isset($_POST['post_body'])) {
-    $post_body = $_POST['post_body'];
+    $post_body = htmlspecialchars($_POST['post_body']);
 }
 if ($post_body == null) {
     $errors = 'post body must be present';
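Review bot: The `htmlspecialchars()` calls on the `$post_title` and `$post_body` assignments (lines 10 and 18; the same pattern on `$post_url_image` in the next hunk) escape for an HTML context at input time, so whatever is stored or echoed later holds entities rather than the user's text, and any template that escapes again will double-encode. Output escaping belongs at the point of rendering, in the context used there (HTML body, attribute, URL), while the input side should only normalise and validate, e.g. `$post_title = trim($_POST['post_title']);` here and `htmlspecialchars($post_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` where the value is printed. This escaping also does not make the values safe for a database query; if they reach SQL further down the file, that must still be a prepared statement with bound parameters. For `$post_url_image`, an HTML escape is not a URL check either; validating with `filter_var($value, FILTER_VALIDATE_URL)` and restricting the scheme to http/https would be the defensive step. The script continues outside the hunk, so where these values are consumed is not visible here.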
@@ -49,7 +49,7 @@ if (isset($postImageName)) {
 }
 
 if (isset($_POST['post_url_image'])) {
-    $post_url_image = $_POST['post_url_image'];
+    $post_url_image = htmlspecialchars($_POST['post_url_image']);
 }