What are the best practices for handling strings in PHP variables?

When handling strings in PHP variables, it is important to sanitize user input to prevent security vulnerabilities such as SQL injection or cross-site scripting attacks. Use functions like htmlspecialchars() to escape special characters and prevent code injection. Additionally, always validate and sanitize input before processing or storing it in a database to ensure data integrity and security.

// Example of sanitizing user input in PHP variable
$user_input = "<script>alert('XSS attack!');</script>";
$sanitized_input = htmlspecialchars($user_input, ENT_QUOTES, 'UTF-8');
echo $sanitized_input;