What are the best practices for handling user inputs in PHP, especially when it comes to keyboard events?

When handling user inputs in PHP, especially keyboard events, it is important to sanitize and validate the input to prevent security vulnerabilities like SQL injection or cross-site scripting attacks. One way to do this is by using PHP's filter_input function with appropriate filter flags for input validation. Additionally, you can use htmlentities function to encode user input before displaying it to prevent XSS attacks.

// Example of handling user input from a POST request
$userInput = filter_input(INPUT_POST, 'user_input', FILTER_SANITIZE_STRING);
if($userInput){
    // Process the sanitized user input
    echo "User input: " . htmlentities($userInput);
} else {
    // Handle invalid input
    echo "Invalid input";
}