How do I HTML Encode all the output in a web application?

Question

I want to prevent XSS attacks in my web application. I found that HTML Encoding the output can really prevent XSS attacks. Now the problem is that how do I HTML encode every

Answer 1

You don't want to encode all HTML, you only want to HTML-encode any user input that you're outputting.

For PHP: htmlentities and htmlspecialchars