when to use htmlspecialchars() function?

php htmlspecialchars

Solution 1:

You should only call this method when echoing the data into HTML.

Don't store escaped HTML in your database; it will just make queries more annoying.
The database should store your actual data, not its HTML representation.

Solution 2:

You use htmlspecialchars EVERY time you output content within HTML, so it is interperted as content and not HTML.

If you allow content to be treated as HTML, you have just opened the door to bugs at a minimum, and total XSS hacks at worst.

Solution 3:

Save the exact thing that the user enters into the database. then when displaying it to public, use htmlspecialchars(), so that it offers some xss protection.

Related

Output to the same line overwriting previous
How do you implement a FileObserver from an Android Service
Find out which class called a method in another class
How to do row-to-column transposition of data in csv table?
What does "an Arbitrary Object of a Particular Type" mean in java 8?
Extract day of year and Julian day from a string date
.NET Framework 3.5 and TLS 1.2
What is the difference between the 'shell' channel and the 'exec' channel in JSch
Cleanest way of capturing volume up/down button press on iOS 8
JavaFX Properties in TableView
How can I set cron to run certain commands every one and a half hours?
Why should you not use Number as a constructor? [duplicate]