certo..
Codice PHP:
<?php
$str="<object type=\"application/x-shockwave-flash\" data=\"http://www.cc.cc\"><param name=\"movie\" value=\"http://www.cc.cc\" /></object>";
?>

<input type="text" name="nome" value="<?php echo htmlentities($str,ENT_QUOTES?>"