What is the difference between strip_tags() and htmlentities() functions in PHP for sanitizing user input?
The strip_tags() function is used to remove HTML tags from a string, while the htmlentities() function converts special characters to HTML entities. When sanitizing user input, strip_tags() is useful for removing any potentially harmful HTML tags, while htmlentities() is useful for encoding special characters to prevent XSS attacks.
<?php
// Sanitize user input using strip_tags() to remove HTML tags
$unsafe_input = "<script>alert('XSS attack');</script>";
$safe_input = strip_tags($unsafe_input);
echo $safe_input; // Output: alert('XSS attack');
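The same input run through both functions side by side, added here as an example (it is not code from the original answer); escape_html() and strip_markup() are helper names chosen for illustration, and the sample input is constructed from the payload above.

```php
<?php
declare(strict_types=1);

// Escape a string for insertion into HTML text or a double-quoted attribute.
// ENT_QUOTES encodes both ' and ", ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string, and the explicit charset avoids
// depending on the runtime default.
function escape_html(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Remove markup while keeping a short allow-list of formatting tags (the
// second argument of strip_tags()). This is a filter, not an escape: the
// remaining text is still untrusted and must be escaped when rendered.
function strip_markup(string $value, string $allowed = '<b><i>'): string
{
    return strip_tags($value, $allowed);
}

// Constructed sample input: the answer's payload plus a harmless <b> tag.
$unsafe_input = "<script>alert('XSS attack');</script> <b>bold</b>";

$stripped = strip_markup($unsafe_input);
$escaped  = escape_html($unsafe_input);

echo "strip_tags  : $stripped\n";   // tags gone, script text and <b> remain
echo "htmlentities: $escaped\n";    // every < > ' " is now an entity

// Check worth keeping in a test suite: the escaped form contains no raw
// angle brackets or quotes, so a browser cannot parse it as markup.
if (preg_match('/[<>"\']/', $escaped)) {
    throw new RuntimeException('escape_html() left raw HTML metacharacters');
}

// Escaping the stripped text is still required on output; the two steps
// compose, and htmlentities() is safe to apply to strip_tags() output.
echo "both        : " . escape_html($stripped) . "\n";

// Only pass double_encode=false when the input is already entity-encoded;
// otherwise an existing &amp; would become &amp;amp;.
echo htmlentities('&amp;', ENT_QUOTES, 'UTF-8', false), "\n";
```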