my $collection = $cgi->param('collection') ? encode_entities($cgi->param('collection'),'/<>"') : undef;