lots of css/html in one field ok?; escape chars

History: I am relatively new to db design, although I have used db's for a few projects. This one is the first time I need to keep things secure. The goal is to have patient forms on a doc's website, where pt's can go in, fill out the forms, then submit them. I have the secure socket https all set up, but i am working on a secure solution of going from the server to the doc's office.

I first thought of sending an e-mail, which is how it is currently set up. But this is not secure. So I thought I should make a db that the patient's submit data into, and then the doc's office can log in over a secure connection https to retrieve the data. An e-mail would go out to the doc's office letting them know that a patient has submitted a form, and they should go retrieve it.

Current Day: I have the db and one table, with 4 columns: AID, Patient, FormID, and FormData. My question is, I want to dump the output of my HTML/CSS e-mail into the FormData field, which is a lot of text. Can I do this (size limitations)? And secondly, do I need to worry about escape characters, etc. for things like quotes " single quotes ' and other chars that will inevitably be in that HTML/CSS? If so, how would you recommend that I handle this solution. On the grand scheme of things, if you can offer a better solution, I'm all ears! Thanks for your help!

anyone?