No It's not risky since php does not interpret the code and actually you don't use eval
for this values so it will be shown as a plain text.
Now the thing is you should validate user's inputs. for example if this is an input for firstname, no one's name contains < or ?. so you can use Regexp to validate values.
Or you should print htmlentities
of the value instead of raw value.