strip_tags() removes tags but won't encode quotes or even > characters outside of tags, which can be used to break out of tag or script blocks where the GET variable is referenced.
strip_tags may be enough in your application, but htmlspecialchars() is the more complete blocker for XSS attacks in all situations where they may occur.