I have these two lines of code:

```php
echo ('<input id=cat[] name=cat[] class="element checkbox" type = "checkbox" value="'.$category->slug.'" />');
echo ('<label class="choice" for=cat[]>'.$category->name.'</label>');
```

How can I clean them to avoid any possible XSS?
I tried using htmlspecialchars but the result is that it shows the code on the browser page, as a string and does not replace the variables with the content.
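
An added example, not part of the original post: escaping each variable on its own and leaving the markup literal keeps the tags working, while passing the whole echo string through `htmlspecialchars` produces the "code shown as a string" symptom. The helper names `e` and `render_category_checkbox`, the `cat-` id scheme and the sample category are assumptions made for illustration.

```php
<?php
// Escape a single value for HTML text or a quoted attribute.
// ENT_QUOTES covers both " and ', ENT_SUBSTITUTE replaces invalid UTF-8.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: builds the checkbox and label for one category.
// Only the dynamic values are escaped; the surrounding markup stays literal.
function render_category_checkbox(object $category): string
{
    $slug = e($category->slug);
    $name = e($category->name);
    // Assumption: a unique id per checkbox so the label's "for" can match it.
    $id = 'cat-' . $slug;

    return '<input id="' . $id . '" name="cat[]" class="element checkbox"'
         . ' type="checkbox" value="' . $slug . '" />'
         . '<label class="choice" for="' . $id . '">' . $name . '</label>';
}

// Constructed sample input containing markup characters in both fields.
$category = (object) [
    'slug' => 'news" onmouseover="x',
    'name' => '<b>News</b> & "updates"',
];

// Escaping the whole string: the <label> tag itself is turned into
// &lt;label ...&gt;, so the browser displays the markup as text.
echo htmlspecialchars(
    '<label class="choice">' . $category->name . '</label>'
), "\n";

// Escaping only the variables: the tags render, and the quote in the slug
// becomes &quot;, so it cannot close the value attribute.
echo render_category_checkbox($category), "\n";
```

Every attribute value is quoted here; `htmlspecialchars` does not make a value safe inside an unquoted attribute, where a space is enough to start a new attribute.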