Sanitizing input

[stuffradio]

What are the best things to use to protect me from all XSS attacks?

 

A website told me to use the following:

urlencode

htmlentities

 

Is there anything else I should use? If so... when should I use them?

 

Thanks

[helraizer]

The way I did it (from what I've learnt only today thanks to the beta-testing forum ) is use htmlspecialchars and htmlspecialchars_decode.

 

It converts the symbols " ' < > & to " &#039; < > & - so then they can't use "> to close you input tag.