I have this code to echo out a username of a user that has just logged in:
echo $_SESSION['user']['username']."
Would I be right in thinking that if I change my code to:
echo htmlspecialchars $_SESSION['user']['username']."
i am protecting myself from low level XSS atleast?