- htmlspecialchars: documentation ( source)
<?php
echo htmlspecialchars('<script>alert("xss")</script>') . "\n";
echo htmlspecialchars('<script>alert("xss")</script>', ENT_QUOTES | ENT_HTML401) . "\n";
echo htmlspecialchars(htmlspecialchars('<script>alert("xss")</script>')) . "\n";
echo htmlspecialchars(htmlspecialchars('<script>alert("xss")</script>', ENT_QUOTES | ENT_HTML401)) . "\n";
echo htmlspecialchars(htmlspecialchars(htmlspecialchars('<script>alert("xss")</script>'))) . "\n";
echo htmlspecialchars(htmlspecialchars(htmlspecialchars('<script>alert("xss")</script>', ENT_QUOTES | ENT_HTML401))) . "\n";