Form Validation / prepping for insert

[eluser]jdgiotta[/eluser]
Then maybe I'm doing something wrong.

Code:

//...
$rules['username']    = "required|prep_for_form";
//...

I enter this into my username input field of the form

Code:

"> [removed]alert("CAN BE XSSd")[removed] /*

Submit, validation fails (obviously), but the repopulation breaks the HTML. I was assuming based on the functions description, that it would escape the special HTML characters.