This week's book giveaway is in the Agile and Other Processes forum. We're giving away four copies of Real-World Software Development: A Project-Driven Guide to Fundamentals in Java and have Dr. Raoul-Gabriel Urma & Richard Warburton on-line! See this thread for details.
(The data I will display is dynamic and will come from a database. It can contain special characters. I heard another team's html was broken by an & character, and I will also read that database and display its data.)
If you are using a database, you are probably using a server-side language. If it is servlets and JSP then use of the JSTL <c:out> action will automatically encode output properly.
I will disagree with Eric with regards to encoding the data sent to the database. That limits it usefulness for environments other than the web. The data should be encoded on output. [ October 16, 2006: Message edited by: Bear Bibeault ]