htmleditformat & Database Field Lengths
I happened across an article about SQL injection, a topic I frequently look back into to see what new threats have been discovered, and this particular author was pushing for the use of htmleditformat on all form data being inserted into a database. Now I have coded and secured several different websites against SQL injection, each using similar to slightly-varied techniques at blocking those pesky hackers, so my question is not how to prevent SQL injections, but instead my question is more about htmleditformat and database field lengths.
htmleditformat on user-inserted data is part of my SQL injection prevention scheme, but on rare occasion I have this problem:
Let's say I have a field in my database for the user's first name, with a generous length of 20 characters.
The user's name, just as an example, is 18 characters long. No problem, right?
But let's say that user's name has a symbol, or foreign language character, that then gets converted by htmleditformat behind the scenes? Suddenly that 18 characters balloons up to 23 characters, generating an error because my CFQUERYPARAM maxlength is 20, not to mention the field in the database.
So, for those who do scrub user data with htmleditformat, how do you handle this, if at all?
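The length problem described in the post, as an added example that is not part of the original post and not ColdFusion code: Python's `html.escape` stands in for htmleditformat (it escapes `&`, `<`, `>`, `"` and `'`), and the 20-character `first_name` column, the `users` table and the sample name are constructed for the demonstration. It measures how much a name grows when encoded before storage, and shows the alternative of storing the raw value through a bound query parameter and encoding only when the value is rendered, so the column length applies to the real name rather than to its entity-expanded form.

```python
import html
import sqlite3

# Constructed: the 20-character first-name column from the question.
FIRST_NAME_MAX = 20


def encoded_length(value: str) -> int:
    """Length of `value` after HTML-encoding (html.escape as an analogue for htmleditformat)."""
    return len(html.escape(value, quote=True))


def fits_after_encoding(value: str, max_len: int = FIRST_NAME_MAX) -> bool:
    """True only if the *encoded* form would still fit the column.

    This is the check needed when encoded text is what gets stored: a raw
    string under the limit can still overflow once `&` becomes `&amp;`.
    """
    return encoded_length(value) <= max_len


def setup_db() -> sqlite3.Connection:
    """In-memory table standing in for the real users table (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT NOT NULL)"
    )
    return conn


def insert_user_raw(conn: sqlite3.Connection, first_name: str) -> int:
    """Store the raw name via a bound parameter; enforce the limit on the raw text.

    Parameter binding is what keeps the value out of the SQL grammar, so no
    HTML encoding is needed for injection prevention here, and the stored
    length is the true name length.
    """
    if len(first_name) > FIRST_NAME_MAX:
        raise ValueError(f"first_name longer than {FIRST_NAME_MAX} characters")
    cur = conn.execute("INSERT INTO users (first_name) VALUES (?)", (first_name,))
    return cur.lastrowid


def render_name(conn: sqlite3.Connection, user_id: int) -> str:
    """Encode at output time, where the value meets HTML, not at storage time."""
    row = conn.execute(
        "SELECT first_name FROM users WHERE id = ?", (user_id,)
    ).fetchone()
    return html.escape(row[0], quote=True)


if __name__ == "__main__":
    # Constructed sample: 15 characters raw, but apostrophe and ampersand expand it.
    name = "D'Angelo & Sons"
    print(f"raw length: {len(name)}, encoded length: {encoded_length(name)}")
    print("fits column if encoded before storage?", fits_after_encoding(name))

    db = setup_db()
    uid = insert_user_raw(db, name)  # raw 15 chars fit the 20-char column
    print("stored:", db.execute("SELECT first_name FROM users").fetchone()[0])
    print("rendered:", render_name(db, uid))
```

Running it shows the 15-character name becoming 24 characters once encoded, which is the overflow the post describes; storing it raw through the bound parameter and escaping on render avoids the mismatch between the form's `maxlength`, the `cfqueryparam` limit and the column width.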
