htmlentities() doesn’t even come close.
This small file contains 4 functions (2 of which are taken from the PHP manual, credit given!) that encode and decode entities in ASCII/Unicode strings, in either decimal or hexadecimal format, for use in valid XML documents.
The xml_entity_decode() function accepts an optional second parameter to allow non-standard XML entities (that may have been specified in your schema) in the format:
array(
    // 'entity' => 'char'
    'amp'  => '&',
    'lt'   => '<',
    'gt'   => '>',
    'apos' => '\'',
    'quot' => '"'
)
include('funcs.xmlentities.php');
$s = '<strong>This</strong> should be safe, but don\'t assume!<br/>';
print xmlentities($s);
// outputs the markup entity-encoded, so it displays as text: <strong>This</strong> should be safe, but don't assume!<br/>
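An added illustration of the two behaviours described above: numeric references in decimal or hexadecimal, and a caller-supplied entity map on decode. This is not the code in funcs.xmlentities.php; demo_xml_encode, demo_xml_char_ok and demo_xml_decode are hypothetical names, and the sketch assumes UTF-8 input and PHP 7.2+ with mbstring.

```php
<?php
// Added example with hypothetical helper names; assumes valid UTF-8 input.

// Encode XML-special and non-ASCII characters as numeric references.
function demo_xml_encode(string $s, bool $hex = false): string
{
    if (!mb_check_encoding($s, 'UTF-8')) {
        throw new InvalidArgumentException('input is not valid UTF-8');
    }
    return preg_replace_callback('/[&<>\'"]|[^\x00-\x7F]/u', function ($m) use ($hex) {
        return sprintf($hex ? '&#x%X;' : '&#%d;', mb_ord($m[0], 'UTF-8'));
    }, $s);
}

// True if $cp is a code point XML 1.0 allows in document content.
function demo_xml_char_ok($cp): bool
{
    return in_array($cp, [0x9, 0xA, 0xD], true)
        || ($cp >= 0x20 && $cp <= 0xD7FF)
        || ($cp >= 0xE000 && $cp <= 0xFFFD)
        || ($cp >= 0x10000 && $cp <= 0x10FFFF);
}

// Decode in a single pass, so "&amp;lt;" becomes "&lt;" and never "<".
// $extra maps schema-defined names to characters ('entity' => 'char');
// the five predefined entities come first, so $extra cannot redefine them.
function demo_xml_decode(string $s, array $extra = []): string
{
    $named = ['amp' => '&', 'lt' => '<', 'gt' => '>', 'apos' => "'", 'quot' => '"'] + $extra;
    $re = '/&(?:#x([0-9A-Fa-f]+)|#([0-9]+)|([A-Za-z_][\w.-]*));/';
    return preg_replace_callback($re, function ($m) use ($named) {
        if (isset($m[3])) {
            return $named[$m[3]] ?? $m[0];   // unknown names stay as written
        }
        $cp = $m[1] !== '' ? hexdec($m[1]) : (int) $m[2];
        // References to characters XML forbids (e.g. NUL) are not decoded.
        return demo_xml_char_ok($cp) ? mb_chr((int) $cp, 'UTF-8') : $m[0];
    }, $s);
}

// Constructed sample input.
$s = "<strong>Caf\u{E9}</strong> & \"more\"";
foreach ([false, true] as $hex) {
    $enc = demo_xml_encode($s, $hex);
    echo $enc, "\n";
    var_dump(demo_xml_decode($enc) === $s);   // round trip
}
echo demo_xml_decode('&copy; &amp;lt; &#0; &unknown;', ['copy' => "\u{A9}"]), "\n";
```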