I have an admin section within my site where items can be stored. Once they are stored, they are displayed on the front end. Part of my display involves code like the following:
echo "<p>".$rose['description']."</p>";
Does this need to have htmlspecialchars included into it to protect from xss at a low level?