- htmlspecialchars: documentation ( source)
<?php
$question="<script>alert('hacked')</script>";
echo "<br>original question=",$question;
$question = make_secure( $question );
echo "<br>converted question=",$question;
echo "<br>converted question calling htmlspecialchars=",htmlspecialchars($question);
function make_secure($data) {
$data = htmlspecialchars($data); return $data; }