When should htmlspecialchars() be used in PHP, specifically in relation to database operations?

When dealing with user input that will be stored in a database, it is important to use the htmlspecialchars() function to prevent Cross-Site Scripting (XSS) attacks. This function converts special characters like < and > into their HTML entities, ensuring that the input is displayed as text rather than interpreted as code by the browser. This is particularly important when displaying user-generated content on a webpage to prevent malicious scripts from being executed.

// Assuming $input contains user input to be stored in the database
$clean_input = htmlspecialchars($input, ENT_QUOTES);

// Now $clean_input can be safely stored in the database