what’s different between esc_attr, htmlspecialchars and htmlentities
esc_attr() is written specifically for escaping a string that is to be used as an html attribute, which means also escaping single and double-quote characters etc. In general, it’s better to use the data validation API that WP provides rather than the generic PHP functions.