• One of two fundamental security rules: (1) filter and validate all input; (2) escape output
• Always escape outside data unless previously filtered
• Typical output formats that require escaping when they contain user data: HTML, JSON, SQL
• Never rely on client-side (JavaScript) filtering
• Functions used to escape data before outputting it within HTML: htmlspecialchars(), htmlentities(), strip_tags()
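
An added example, not part of the original notes: the same untrusted value escaped for each of the three output formats listed above. The sample input, the helper names `escHtml()` and `escJsonForScript()`, and the in-memory SQLite table are assumptions made for illustration; for SQL it uses a PDO prepared statement in place of string escaping.

```php
<?php
declare(strict_types=1);

// Constructed sample of untrusted input (an assumption, not from the notes).
$name = "<script>alert(1)</script> O'Brien & \"co\"";

// HTML context: encode &, <, > and both quote styles. ENT_QUOTES matters
// when the value lands inside a single-quoted attribute.
function escHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// JSON embedded in an HTML <script> block: hex-encode <, >, &, ' and " so
// the value cannot close the script element or the surrounding string.
function escJsonForScript($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// SQL context: bind the value as a parameter so it is never parsed as SQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT)');
$stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->execute([':name' => $name]);

// Data read back from storage is still outside data: escape it again
// for whichever output format it is written into.
$stored = (string) $pdo->query('SELECT name FROM users')->fetchColumn();

echo '<p>', escHtml($stored), "</p>\n";
echo '<script>var user = ', escJsonForScript($stored), ";</script>\n";

// strip_tags() removes markup rather than encoding it. Quotes and & pass
// through unchanged, so its result still needs escHtml() before it is
// placed in an attribute value.
echo '<input value="', escHtml(strip_tags($name)), "\">\n";
```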