I am using prepared statements to store, retrieve and update data to or from the database. Do I need to use htmlspecialchars() or htmlentities() if I am using prepared statements?

From what I understand, you dont need to use htmlspecialchars() when inserting data and it only concerns html that is outputted…

I have a situation where I am using a prepared statement to store user input from a register form like so:

$stmt = $conn2->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
$stmt->bind_param('sss', $username, $email, $password);
$stmt->execute();

I have another script that is retrieving the username and password when logging in and displaying their username on screen like so:

$stmt = $conn2->prepare("SELECT username FROM users WHERE username = ? AND password = ?");
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$stmt->store_result();

if ($stmt->num_rows == 1) {

$stmt->bind_result($name);
$stmt->fetch();

I have also put the username in a SESSION and echoed the session like so:

echo $_SESSION['user']['username']

From this example, do I need to use htmlspecialchars() or htmlentities() when displaying the username? Is this what is meant by outputting the HTML?

If so, where would I implement htmlspecialchars() or htmlentities()??