When to use htmlspecialchars vs filter_input?
I'm confused when using htmlspecialchars vs filter_input for preventing bad input into PHP. I have got the hang of using prepared queries but I've not noticed when using the other two mentioned functions. Is htmlspecialchars mainly for outputting HTML to prevent XSS and is filter_input for handling the user input to prevent it from going through to cause harm?
