How can PHP variables be securely passed as parameters in a JavaScript function?

When passing PHP variables as parameters in a JavaScript function, it is important to ensure that the values are properly sanitized to prevent any potential security vulnerabilities such as Cross-Site Scripting (XSS) attacks. One way to securely pass PHP variables as parameters is to use htmlspecialchars() function to escape special characters before outputting them in the JavaScript function.

<?php
$php_variable = "Hello, World!";
?>

<script>
function myFunction(param) {
    // Use htmlspecialchars() to escape special characters
    var js_variable = <?php echo json_encode(htmlspecialchars($php_variable)); ?>;
    alert(js_variable + param);
}

myFunction(" from JavaScript!");
</script>