Hi, there is not one sure-fire way to make a website secure. I use several different techniques to make sure that the input I get from the users is correct. For example, if we need to accept only IDs which are composed solely of digits, we can use the `ctype_digit` function to check it. In that case we don't have to use AntiXss to clean the ID, because `ctype_digit` is way faster than the `AntiXss->xss_clean()` method. I also use the `filter_input` and `filter_var` functions to check for correct input as well.
Anyway, I bid only to give you some advice. If you need my advice, then surely you can send me a message. I would be more than happy to help you.
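
The digit-only ID check mentioned in the post, as an added example that is not part of the original message: it runs `ctype_digit` and `filter_var` side by side over constructed inputs to show where the two agree and where they differ (non-string input, empty string, leading zeros, overflow). The helper names `validate_id` and `validate_id_filter` are hypothetical, and the code assumes PHP 8 on a 64-bit build.

```php
<?php
declare(strict_types=1);

/**
 * Validate a request parameter that must be a positive numeric ID.
 * Returns the ID as int, or null if the input is not acceptable.
 * (validate_id is a hypothetical helper name, not from the original post.)
 */
function validate_id(mixed $raw, int $maxDigits = 18): ?int
{
    // ctype_digit() is only meaningful on strings; arrays (?id[]=1) and
    // other types are rejected up front.
    if (!is_string($raw)) {
        return null;
    }
    // An empty string fails ctype_digit(); the length cap keeps the value
    // inside a 64-bit int before the cast.
    if (!ctype_digit($raw) || strlen($raw) > $maxDigits) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** The same rule with filter_var(); it also rejects leading zeros such as "007". */
function validate_id_filter(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample inputs, as they might arrive in $_GET['id'].
$samples = ['42', '007', '', '-5', '4.2', '1 OR 1=1', '<script>', ['1'], '99999999999999999999'];
foreach ($samples as $s) {
    printf(
        "%-24s ctype: %-6s filter: %s\n",
        json_encode($s),
        var_export(validate_id($s), true),
        var_export(validate_id_filter($s), true)
    );
}
```

Only `'42'` passes both checks; `'007'` passes the `ctype_digit` version (as 7) and fails the `filter_var` version, so pick whichever matches how IDs are stored.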