The htmlspecialchars() function handles the conversion of angle brackets and other HTML metacharacters. Also, if magic quotes is turned off, which you can test with the get_magic_quotes_gpc() function, you must use the mysql_escape_string() function on your data before entering it into the database.

For integer, boolean and number types, make sure you cast them appropriately with (int), (bool), (float) etc. before putting them inside a query.
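
The steps above as code for the legacy PHP 5 versions where get_magic_quotes_gpc() and mysql_escape_string() are still available. This is an added example, not code from the original page; the users table, its columns, the helper names and the sample input are constructed. It goes one step beyond the text by stripping magic-quote slashes before escaping, so the result is the same whether magic quotes is on or off.

```php
<?php
// Added example for legacy PHP 5.x; table and column names are constructed.

// Constructed sample standing in for $_POST.
$post = array(
    'name'    => "O'Reilly <b>Tim</b>",
    'age'     => "42; DROP TABLE users",
    'active'  => "",
    'balance' => "19.99abc",
);

// Return the value as the client sent it: with magic quotes on, PHP has
// already applied addslashes(), so undo that to avoid double escaping.
function raw_value($value)
{
    return get_magic_quotes_gpc() ? stripslashes($value) : $value;
}

// Escape a string for use inside a single-quoted SQL literal.
function sql_string($value)
{
    return mysql_escape_string(raw_value($value));
}

// Numeric and boolean fields are cast, not escaped: the cast keeps only
// the leading numeric part and discards any text that follows it.
$age     = (int)   $post['age'];
$balance = (float) $post['balance'];
$active  = (bool)  $post['active'];

// A bare false interpolated into a string becomes '', which would break
// the query, so pass it as 0/1. %F formats floats without locale commas.
$sql = sprintf(
    "INSERT INTO users (name, age, active, balance) VALUES ('%s', %d, %d, %F)",
    sql_string($post['name']),
    $age,
    (int) $active,
    $balance
);
echo $sql, "\n";

// Escaping for SQL and escaping for HTML are separate steps: the value is
// converted with htmlspecialchars() only when it is written into a page.
echo '<td>', htmlspecialchars(raw_value($post['name']), ENT_QUOTES), "</td>\n";
```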