By using htmlspecialchars once on input, you don't have to use it many other times on output, and you can't forget to use it on an output and thereby expose your data to misuse.
HTMLSpecialChars() is used on the output side of the processing before you echo any data to the browser. In a well-designed application it would never be used on any data that is stored, just on the output.
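As an added example (not code from either reply above), the following PHP script shows the encode-on-output approach in practice and what goes wrong when a value has already been escaped before storage. The `$submitted` string is constructed sample input, and `html()` is a helper name chosen for the example; the PHP functions and flags used are the standard ones.

```php
<?php
declare(strict_types=1);

// Added example, not from the original thread: store the raw value,
// escape once at each output boundary, with the escaping chosen for
// that output's context.

// Constructed sample input, as a user might submit it in a form.
$submitted = '<script>alert("x")</script> & O\'Brien';

// Escape for an HTML context. ENT_QUOTES covers both quote styles so the
// result is also safe inside a double- or single-quoted attribute value;
// ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8, and
// the explicit charset keeps multibyte input from being mis-encoded.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Storage keeps the raw value (a database write in a real application,
// an array here). Nothing is escaped at this point.
$stored = ['comment' => $submitted];

// HTML body and quoted-attribute contexts: escape at output.
echo '<p>' . html($stored['comment']) . "</p>\n";
echo '<input type="text" value="' . html($stored['comment']) . "\">\n";

// A non-HTML output context needs its own encoding. An HTML-escaped value
// in storage would be wrong here: a JSON consumer would receive "&lt;script&gt;"
// instead of the text the user actually typed.
echo json_encode(
    $stored,
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
) . "\n";

// The encode-on-input variant: the value was escaped before storage.
$storedEncoded = htmlspecialchars($submitted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// If the output code escapes as it should, the ampersands of the stored
// entities are escaped again and the page shows the entities as literal
// text ("&lt;script&gt;" rather than "<script>" rendered harmlessly).
echo '<p>' . html($storedEncoded) . "</p>\n";

// The only way to avoid that double encoding is to skip the output escape
// for pre-escaped data, which means the output code must now know the
// provenance of every value it prints, and a value that reached storage
// by another path (an import, an admin tool, an older form) is emitted raw.
echo '<p>' . $storedEncoded . "</p>\n";
```

Run it with `php example.php` and compare the four `<p>` and `<input>` lines with the JSON line: each output gets exactly one encoding, chosen for its context, and the raw value in `$stored` can be reused for any of them. The last two `echo` statements show the two failure modes of escaping on input, double encoding when output escaping is kept and a missing escape when it is dropped.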