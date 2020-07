If you do a ‘view source’ of the output in your browser, you will see the html entities.

htmlspecialchars() is an OUTPUT function. You use it when you output dynamic values on a web page. You do NOT use it on input data that you are going to use in your server-side code.

The only alteration you make to input data that you are going to use in your server-side code is to trim() it, so that you can detect if all white-space characters were entered. Anything else changes the meaning of the data. After you trim the value, you should validate that the data is what you expect. If the data is valid, use it. If it is not valid, setup and display a message for the visitor telling them what was wrong with the submitted data.