Hi
I was wondering when the appropriate place to use htmlspecialchars() is. Is it before inserting data into the database or when retrieving it from the database?
Save the exact thing that the user enters into the database.
Then, when displaying it to the public, use htmlspecialchars(), so that it offers some XSS protection.
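The split the answer describes, as an added PHP example that is not part of the original post: the raw input goes into the database through a prepared statement, and htmlspecialchars() is applied only at the point where the value is written into HTML. It assumes a PDO connection to an in-memory SQLite database and a constructed comment string as the user input.

```php
<?php
// Added example (not from the original post): store raw, escape on output.
declare(strict_types=1);

// Constructed sample input: a comment carrying markup and quote characters.
$userInput = '<script>alert("xss")</script> Tom & "Jerry"';

// 1. Storage: keep the exact string the user entered. The prepared statement
//    takes care of SQL quoting; HTML escaping is not needed (or wanted) here.
$db = new PDO('sqlite::memory:');  // in-memory database, assumed for the demo
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
$stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $userInput]);

// 2. Output: escape at the moment the value is placed into HTML.
//    ENT_QUOTES also converts ' and ", which matters inside attributes;
//    passing the charset explicitly avoids mis-escaping multibyte input.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$stored = $db->query('SELECT body FROM comments')->fetchColumn();
if ($stored !== $userInput) {
    throw new RuntimeException('database should hold the raw text unchanged');
}

// The browser now sees the comment as text, not as a script element.
echo '<p>', e($stored), "</p>\n";
```

Because the stored value is untouched, the same row can later be sent as JSON or plain text without first undoing HTML entities, and nothing gets double-encoded. htmlspecialchars() covers HTML body and attribute context only; a value placed inside a script block or a URL needs that context's own encoding.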