I have the following code:
<input type="text" name="nr_p_vac" value="<?php echo htmlspecialchars($row['nr_p_vac']); ?>">
where $row['nr_p_vac'] is test ' " / /n /t <>.
When I'm not using htmlspecialchars, in the input there's only test ' (of course, because " is not escaped).
When I'm using the htmlspecialchars function, the input has the correct value ' " / /n /t <> (because now ' and " are properly escaped).
But shouldn't the content of the input be transformed into something like test ' '"' etc.?
Is it ok to use htmlspecialchars in this case?
You can look at the page source and you will see that the value is ' " / /n /t <>
It is ok to use it in your case.
Already answered here: How to properly escape html form input default values in php?
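The behaviour discussed above, as an added example that is not part of the original posts: the markup is rendered with and without htmlspecialchars, then parsed back with DOMDocument to show what value the form field actually receives. The helper names render_input and parsed_value are hypothetical, and the sample value is constructed to match the one in the question.

```php
<?php
// Constructed sample value, matching the one in the question.
$value = "test ' \" / /n /t <>";

// Build the input element, optionally escaping the attribute value.
function render_input(string $value, bool $escape): string
{
    $attr = $escape
        ? htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        : $value;
    return '<input type="text" name="nr_p_vac" value="' . $attr . '">';
}

// Parse the markup with an HTML parser, as a browser does, and return
// the decoded value attribute of the first input element.
function parsed_value(string $html): string
{
    $doc = new DOMDocument();
    // The unescaped variant is malformed, so parser warnings are silenced.
    @$doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input ? $input->getAttribute('value') : '';
}

foreach ([false, true] as $escape) {
    $html   = render_input($value, $escape);
    $parsed = parsed_value($html);
    echo $escape ? 'escaped' : 'unescaped', PHP_EOL;
    echo '  page source:  ', $html, PHP_EOL;
    echo '  parsed value: ', $parsed, PHP_EOL;
    echo '  round-trips:  ', var_export($parsed === $value, true), PHP_EOL;
}
```

The entities appear only in the page source; the parser decodes them, so the field shows and submits the original characters. ENT_QUOTES is passed explicitly because before PHP 8.1 the default flags left single quotes unescaped.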