You want to be escaping your information before display. First thing you want to do is make sure you simply remove anything that shouldn't be there. If the comment should not contain HTML tags, you can use something like strip_tags. If it should be only numbers, look for non-numbers using something like a regular expression pattern (aka preg_match).
Once you have removed anything that you think shouldn't be there from the start, the second thing you should look at is the function htmlentities. Make sure you also use the encoding parameter, even though it is not required. It is always a good idea to make sure you use that.
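The two steps in this answer (strip what should not be there, then escape with an explicit charset at display time) as an added PHP example; this is not code from the original answer, and the sample inputs, the `validateQuantity` and `escapeForHtml` function names and the `UTF-8` charset choice are assumptions made for the illustration:

```php
<?php
// Added example, not part of the original answer.
// Constructed sample inputs standing in for user-submitted form fields.
$comment  = "Nice post <b>bold</b> & thanks";
$quantity = "12abc";

// Step 1a: remove what should not be there. A plain-text comment carries no HTML
// tags, so strip them before the value is stored or displayed.
$cleanComment = strip_tags($comment);
// $cleanComment is now "Nice post bold & thanks"

// Step 1b: a field that should be only numbers is checked against an anchored
// pattern; anything containing non-digits is rejected rather than "repaired".
function validateQuantity(string $value): ?int
{
    if (preg_match('/^\d+$/', $value) !== 1) {
        return null;
    }
    return (int) $value;
}

// Step 2: escape at output time. The charset is passed explicitly (assumed UTF-8
// here), and ENT_QUOTES makes the result safe inside quoted attributes as well
// as in text nodes.
function escapeForHtml(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$qty = validateQuantity($quantity);   // null for "12abc"
if ($qty === null) {
    $qty = 0;                          // fall back to a known-safe default
}

// Escaping happens at the point of display, once per output context.
echo '<p class="comment">' . escapeForHtml($cleanComment) . '</p>' . PHP_EOL;
// <p class="comment">Nice post bold &amp; thanks</p>
echo '<input type="number" value="' . escapeForHtml((string) $qty) . '">' . PHP_EOL;
// <input type="number" value="0">
```

The order matters: strip_tags and preg_match reduce the input to what the field is allowed to hold, but it is the htmlentities call at display time that actually prevents the remaining characters (such as `&` or a stray quote) from being interpreted as markup. Keep the escaping next to the echo so every output path gets it.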