strip_tags()removes any PHP or HTML tags from a string
nl2br()converts newline characters in the input to
htmlspecialchars()will entity-quote characters such as <, > and & remaining in the input after strip_tags() has run. This prevents them being misinterpreted as HTML and makes sure they are displayed properly in any output. Remember For SQL Processing: When entering data into a database,
addslashes()will escape characters with a special meaning to SQL, such as ' or ; by prefixing them with a backslash (\) Run
stripslashes()when pulling data back out from the database.