I use jquery ajax and some methods - after, replacewith, html. For all "get" and "post" data i use htmlspecialchars. Is it safe to use jquery methods when validate data using htmlspecialchars?
If you mean XSS-attack, it makes sense to format the output data:
htmlentities($str, ENT_QUOTES, 'UTF-8');
Incoming data must be escaped and checked for compliance with the type. What you output to the client affects only him.
htmlspecialchars only convert special characters to HTML entities. This function doesn't escape variables.
For select,insert,update and ... use mysqli_real_escape_string
$val = mysqli_real_escape_string($_POST['val']);
"INSERT INTO `table` (`val`) VALUES ('$val;')";
For echo or fetch from database by mysqli use htmlspecialchars
while($row = ...){
echo htmlspecialchars($row["val"],ENT_QUOTES,'UTF-8');
}