when to use htmlspecialchars() function?

Question

Hi I was wondering when is the appropriate place to use htmlspecialchars(). Is it before inserting data to database or when retrieving them from the database?

Answer 1

You should only call this method when echoing the data into HTML.

Don't store escaped HTML in your database; it will just make queries more annoying.
The database should store your actual data, not its HTML representation.