There are a lot of different security measures you could take when create a website, and I would start with sanitizing inputs, since it's a form. This means that for every input a user writes must be parsed and checked before being processed. This is inmortant because if the inputs are not checked, a user might execute SQL or Javascript on your page through inputs. The way this works is that you convert all inputs as text before handling them in your system. That way, you would be a lot safer. Check this thread for how you can do this type of sanitazion: https://stackoverflow.com/questions/2794137/sanitizing-user-input-before-adding-it-to-the-dom-in-javascript

In addition, I recommend you to read this article about csrf tocken https://stackoverflow.com/questions/5207160/what-is-a-csrf-token-what-is-its-importance-and-how-does-it-work

You can secure forms through JS/JQuery, but also with HTML, i usually insert security both in the form page and in the data process page with php functions.

You could use something that is already made like easyform validator for Jquery, or you can also validate forms by yourself, simply by retrieving the values from the form filed and look for all those special character like ' ; . , * and behave the way you think, usually by not allowing to submit if those char are founded

usually is better to combine in the action page other validator like real_escape_string or another check on the POST array or GET array