Prevent HTML to be displayed from $_GET method

I’m currently working on a user management system.
I have the register and sign-in page among other sites, that all use the $_GET function. After experimenting around a bit I noticed that you can print HTML code from the GET parameters when you exactly know what you are doing. There is probably a way to exploit this by using the onerror in an img tag e.g.

How can I prevent this from happening?