go to cflib.org and look up the safetext function. It will
give you a good start. It will also help protect you from cross
site scripting.
Use of cfqueryparam has a lot of benefits, including this. If
you can't use that, run some other function on anything the users
can send you. The actual functions depend on the datatype of the
field.