What are the best practices for handling user input from HTML forms in PHP to prevent security vulnerabilities like XSS attacks?

To prevent security vulnerabilities like XSS attacks when handling user input from HTML forms in PHP, it is essential to sanitize and validate the input data before processing or displaying it. This can be achieved by using functions like htmlspecialchars() to escape special characters and prevent malicious code execution.

// Example of sanitizing user input from an HTML form to prevent XSS attacks
$user_input = $_POST['user_input'];
$sanitized_input = htmlspecialchars($user_input, ENT_QUOTES, 'UTF-8');
// Now $sanitized_input can be safely used in your application