What are some best practices to avoid security vulnerabilities when parsing strings in PHP?

When parsing strings in PHP, it is crucial to sanitize and validate user input to prevent security vulnerabilities such as SQL injection or cross-site scripting attacks. One best practice is to use functions like `htmlspecialchars()` or `mysqli_real_escape_string()` to escape special characters before processing the input.

// Example of sanitizing user input using htmlspecialchars()
$input = "<script>alert('XSS attack');</script>";
$sanitized_input = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
echo $sanitized_input;