Data entered by a user on screen, or fetched from the database, often contains less-than (<), greater-than (>), ampersand (&) and quote characters. These characters have special meaning in HTML, and if they are passed to the view as they are, the browser interprets them as markup and they may garble the display.
The h() method prevents these characters in strings from garbling the browser display by escaping them as HTML entities.
The h() method in Rails does the same thing as htmlentities() does in PHP.
Update [17th Jan 2006]: I just learnt that the long name of h() is html_escape().
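The effect of h() on a view, as an added example that is not code from the original post: it renders the same template with and without h() using Ruby's standard-library ERB, whose `<%= %>` does not escape on its own. The `View` class, the template strings and the sample comments are constructed for illustration.

```ruby
require "erb"

# Constructed sample strings standing in for user- or database-supplied data.
COMMENTS = [
  "AT&T <b>rocks</b>",
  "if a < b && b > c",
  %q{He said "hi" & left},
].freeze

# Same view twice: once printing the value as is, once through h().
TEMPLATE_RAW = "<ul><% comments.each do |c| %><li><%= c %></li><% end %></ul>"
TEMPLATE_ESC = "<ul><% comments.each do |c| %><li><%= h(c) %></li><% end %></ul>"

# Minimal stand-in for a view context (hypothetical class, not part of Rails).
class View
  include ERB::Util # provides h() and its long name html_escape()

  attr_reader :comments

  def initialize(comments)
    @comments = comments
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

# h() escapes every "&" it sees, so escaping twice shows up as "&amp;amp;".
def escaped_twice(text)
  ERB::Util.h(ERB::Util.h(text))
end

if __FILE__ == $PROGRAM_NAME
  view = View.new(COMMENTS)
  puts view.render(TEMPLATE_RAW) # <b> reaches the browser as a real tag
  puts view.render(TEMPLATE_ESC) # same text arrives as &lt;b&gt;
  puts escaped_twice("AT&T")
end
```

Call h() once, at the point where the string is written into the HTML; strings that were already escaped when stored will show literal `&amp;` text if escaped again.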