Just use ENT_QUOTES everywhere. PHP gives the option in case you need it, but 99% of the time you don’t. Escaping the quotes unnecessarily is harmless.
htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
Because that call is too long to keep writing everywhere, wrap it in a tiny function.
function es($string) {
    return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
}

Reference:
1. https://www.php.net/manual/en/function.htmlspecialchars.php
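
The following is an added example, not code from the original page. It renders a value into a single-quoted HTML attribute with ENT_COMPAT and with ENT_QUOTES, then parses the markup back to see which attribute value an HTML parser actually reads. The helper names render_input() and read_back() are hypothetical, the input string is constructed, and the DOM extension is assumed to be available.

```php
<?php
// Added example. render_input() and read_back() are hypothetical helpers;
// es() is the wrapper described above.

function es($string) {
    return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
}

// Build a single-quoted attribute, escaping the value with the given flags.
function render_input($value, $flags) {
    $escaped = htmlspecialchars($value, $flags, 'UTF-8');
    return "<input name='note' value='" . $escaped . "'>";
}

// Parse the markup with an HTML parser and return the value attribute it sees.
function read_back($html) {
    libxml_use_internal_errors(true);   // the unescaped case is malformed markup
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

// Constructed sample input containing every character htmlspecialchars handles.
$input = 'Tom\'s "quoted" <b>note</b> & more';

// ENT_COMPAT leaves ' untouched, so a raw ' closes a single-quoted attribute early.
// ENT_QUOTES escapes both " and ', so the value is safe in either quoting style.
$modes = ['ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES];

foreach ($modes as $name => $flags) {
    $html = render_input($input, $flags);
    $seen = read_back($html);
    echo $name, "\n";
    echo "  markup:      ", $html, "\n";
    echo "  parser sees: ", var_export($seen, true), "\n";
    echo "  round-trips: ", var_export($seen === $input, true), "\n\n";
}

// The wrapper always uses ENT_QUOTES, so it behaves like the second case.
echo "es(): ", es($input), "\n";
```

Before PHP 8.1 the default flags for htmlspecialchars() were ENT_COMPAT, so a call without an explicit flag behaves like the first case on those versions.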