How can PHP variables be secured against XSS-cross attacks?

To secure PHP variables against XSS-cross attacks, you can use the htmlspecialchars() function to escape special characters in the variable before displaying it on a webpage.

$unsafe_variable = "<script>alert('XSS attack!');</script>";
$safe_variable = htmlspecialchars($unsafe_variable, ENT_QUOTES, 'UTF-8');
echo $safe_variable;