It depends on what you are going to do with the user input. If it is only going to go into an HTML email, escaping it as Igor suggests should make it safe.
I did give a cursory glance to the form-mail tutorial you posted in your other topic.
…And thought it’s not the best example. It does sanitise and escape the input, which is wise, but there is little in the way of validation or spam protection. So you should expect a lot of nuisance from spammers.
IMO, if you have a form without spam protection, why bother with a form, just publish your email address and get spammed directly.
The method for detecting a submission isn’t great:-
if($_POST) {...
The preferred method is:-
if($_SERVER['REQUEST_METHOD'] == 'POST'){...
Also it uses the mail() function, which isn’t great. Something like PHPMailer is better as droopsnoot mentions.