Security is a very important part of building web applications. There are many methods you can use to make your web application more secure. Very often, improved security is a hassle for regular users, and that is the price you pay for a more secure application.
One of the methods that malicious users can try on a web site is an XSS attack, or Cross-Site Scripting. If a web site allows users to enter data in a form, that data can automatically become a threat, because the user is free to enter anything in the form. If the data is not properly formatted, it could be dangerous for the site.
htmlspecialchars() is similar to the htmlentities() function, except that it translates only some of the HTML characters while the others are preserved. You can see the exact list of characters in the php.net manual.
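
The difference described above, as an added example that is not code from the original page: the same form value is passed through htmlspecialchars() and htmlentities(), then written into element content and a quoted attribute. The helper name `e()` and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (an assumption, not from the original page):
// escape a value before placing it in HTML text or a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES translates both " and ' so the value cannot close a quoted
    // attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning
    // an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for a submitted form field.
$name = 'Zoë "Z" <script>alert(1)</script> & co';

// htmlspecialchars() translates only & < > " ' and leaves "ë" as it is.
$special = e($name);

// htmlentities() also translates every character that has a named entity.
$entities = htmlentities($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

echo "htmlspecialchars: {$special}\n";
echo "htmlentities:     {$entities}\n";

// Neither result contains a raw "<", so the browser shows the markup as text.
var_dump(strpos($special, '<') === false, strpos($entities, '<') === false);

// Same helper for element content and for a quoted attribute value.
echo '<p>Hello, ' . e($name) . "</p>\n";
echo '<input type="text" name="name" value="' . e($name) . "\">\n";
```

This escaping fits HTML text and quoted attribute values; values written into JavaScript or URLs need escaping for those contexts instead.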