Are there any best practices or alternative methods to consider when sanitizing user input in PHP, apart from using htmlspecialchars()?
When sanitizing user input in PHP, using htmlspecialchars() is a common practice to prevent cross-site scripting (XSS) attacks by converting special characters to HTML entities. However, an alternative method to consider is using filter_var() with the FILTER_SANITIZE_STRING flag to remove any tags or special characters from the input.
<?php
// Using filter_var() with FILTER_SANITIZE_STRING to sanitize user input.
// Note: FILTER_SANITIZE_STRING strips tags and HTML-encodes quotes; it is
// deprecated as of PHP 8.1, so newer code should not rely on it.
$userInput = '<script>alert("XSS attack")</script>';
$sanitizedInput = filter_var($userInput, FILTER_SANITIZE_STRING);
echo $sanitizedInput;
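The following is an added example, not code from the answer above. It puts the two approaches side by side with what current PHP practice favours: validating fields that have a known shape with FILTER_VALIDATE_*, and encoding output for the context it is written into (HTML body or attribute versus a JavaScript string) rather than stripping characters on the way in. The legacySanitizeString() helper is my own reconstruction of what FILTER_SANITIZE_STRING did, and every input value is a constructed sample.

```php
<?php
// Added example (not from the original answer): contrasts stripping input
// with validating input and encoding output per context.
// All input values below are constructed samples.

declare(strict_types=1);

// Reconstruction of FILTER_SANITIZE_STRING (deprecated since PHP 8.1):
// strip tags, then encode double and single quotes as numeric entities.
function legacySanitizeString(string $value): string
{
    return str_replace(['"', "'"], ['&#34;', '&#39;'], strip_tags($value));
}

// Encode for an HTML text or quoted-attribute context. ENT_QUOTES covers
// single quotes as well; the charset is set explicitly.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Encode for a JavaScript string literal inside a <script> block. HTML
// entity encoding is the wrong tool here; JSON encoding with the hex flags
// keeps the value inert even if it contains "</script>".
function escapeJs(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Where a field has a known shape, validate it and reject anything else
// instead of trying to clean it up.
function validateEmail(string $value): ?string
{
    $result = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $result === false ? null : $result;
}

function validateAge(string $value): ?int
{
    $result = filter_var(
        $value,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]
    );
    return $result === false ? null : $result;
}

// Constructed sample inputs.
$samples = [
    '<script>alert("XSS attack")</script>', // the payload from the answer
    '" title="injected',                    // no tags, so strip_tags() leaves it intact
    "O'Brien & Sons",                       // legitimate data that must survive
];

foreach ($samples as $input) {
    echo "input:   $input\n";
    echo "legacy:  " . legacySanitizeString($input) . "\n";
    echo "html:    " . escapeHtml($input) . "\n";
    echo "js:      " . escapeJs($input) . "\n\n";
}

var_dump(validateEmail('user@example.com'));
var_dump(validateEmail('<b>not an email</b>'));
var_dump(validateAge('42'));
var_dump(validateAge('42; drop'));
```

Run it with `php example.php`. The second sample is the instructive one: it contains no tags, so the legacy approach only encodes its quotes, whereas escapeHtml() encodes both the quote and nothing else that matters, and escapeJs() wraps it as a JSON string. The third sample shows the cost of stripping: the ampersand and apostrophe in a legitimate company name are altered on input under the legacy approach, while output encoding leaves the stored value untouched and only changes how it is rendered.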