
PHP htmlspecialchars() Function


Description

The htmlspecialchars() function converts characters that have special meaning in HTML to their equivalent HTML entities. The following characters are considered special:

  • & (ampersand) is converted to &amp;
  • " (double quote) is converted to &quot;, unless ENT_NOQUOTES is set.
  • ' (single quote) is converted to &#039; (for ENT_HTML401, the default document type) or &apos; (for ENT_XML1, ENT_XHTML or ENT_HTML5), but only when ENT_QUOTES is set.
  • < (less than) is converted to &lt;
  • > (greater than) is converted to &gt;

These five characters are the ones that can change the meaning of HTML markup, which is why escaping them is the standard defence against cross-site scripting when untrusted data is placed in HTML text or in a quoted attribute value. The htmlspecialchars_decode() function reverses the effect of this function.

The following table summarizes the technical details of this function.

Return Value: Returns the converted string. If the input string contains an invalid code sequence for the given charset, an empty string is returned unless the ENT_IGNORE or ENT_SUBSTITUTE flag is set. (From PHP 8.1 ENT_SUBSTITUTE is part of the default flags, so the empty-string behaviour only occurs when a flags value that omits it is passed explicitly.)
Version: PHP 4+

Syntax

The basic syntax of the htmlspecialchars() function is:

htmlspecialchars(string, flags, charset, double_encode);

(The PHP manual names the third parameter encoding; this page calls it charset.)

The following example shows the htmlspecialchars() function in action.

<?php
// Sample string
$str = "It's an <b>amazing</b> story.";

// Converting the string with the default flags
echo htmlspecialchars($str);
?>

The output of the above example, as seen in the page source, will be:

It's an &lt;b&gt;amazing&lt;/b&gt; story.

On PHP 8.1 and later, where ENT_QUOTES is part of the default flags, the single quote is converted as well:

It&#039;s an &lt;b&gt;amazing&lt;/b&gt; story.

In either case the browser displays the tags as literal text rather than interpreting them:

It's an <b>amazing</b> story.

Note: The htmlspecialchars() function is identical to htmlentities() in every respect except which characters it converts: htmlspecialchars() replaces only &, <, > and, depending on the flags, single and double quotes, whereas htmlentities() replaces every character that has a named HTML entity equivalent. For HTML text and quoted attribute values htmlspecialchars() is sufficient; neither function makes data safe inside a <script> block, a URL, a CSS value or an unquoted attribute, which need context-specific encoding.

Tip: You can use the get_html_translation_table() function to return the translation table that is used internally for the htmlspecialchars() and htmlentities() functions.


Parameters

The htmlspecialchars() function accepts the following parameters.

Parameter Description
string Required. Specifies the string to convert.
flags

Optional. Specifies how to handle quotes and invalid code sequences, and which document type to use. One flag from each group below can be combined with the bitwise OR operator (|).

The available flags constants for handling quotes are:

  • ENT_COMPAT – Converts double quotes and leaves single quotes unconverted.
  • ENT_QUOTES – Converts both double and single quotes.
  • ENT_NOQUOTES – Leave both double and single quotes unconverted.

The available flags constants for handling invalid code sequences are:

  • ENT_IGNORE – Silently discards invalid code sequences instead of returning an empty string. Avoid this flag: the PHP manual discourages it because silently dropping bytes may have security implications; use ENT_SUBSTITUTE instead.
  • ENT_SUBSTITUTE – Replaces invalid code sequences with the Unicode Replacement Character U+FFFD (for UTF-8) or its numeric character reference (for other charsets) instead of returning an empty string. This is the flag to use when escaping untrusted input: the output stays non-empty and no bytes are dropped.
  • ENT_DISALLOWED – Replaces code points that are invalid for the specified document type with U+FFFD (or its numeric character reference) instead of leaving them as is. This is useful, for instance, to keep an XML document well-formed when embedding external content.

The available flags constants for specifying the document types are:

  • ENT_HTML401 – Handle code as HTML 4.01.
  • ENT_HTML5 – Handle code as HTML 5.
  • ENT_XML1 – Handle code as XML 1.
  • ENT_XHTML – Handle code as XHTML.

The default value for this parameter is ENT_COMPAT | ENT_HTML401 in PHP versions before 8.1, and ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 from PHP 8.1 onward. Whatever the version, pass the flags explicitly when the escaped value goes into an attribute: under the old default a single-quoted attribute can be closed by a single quote in the data.

charset

Optional. Specifies which character set to use. Supported charsets are:

  • UTF-8 – ASCII compatible multi-byte 8-bit Unicode.
  • ISO-8859-1 – Western European, Latin-1.
  • ISO-8859-5 – Little used Cyrillic charset (Latin/Cyrillic).
  • ISO-8859-15 – Western European, Latin-9. Adds the Euro sign and the French and Finnish letters missing in Latin-1 (ISO-8859-1).
  • cp866 – DOS-specific Cyrillic charset.
  • cp1251 – Windows-specific Cyrillic charset.
  • cp1252 – Windows specific charset for Western European.
  • KOI8-R – Russian.
  • BIG5 – Traditional Chinese, mainly used in Taiwan.
  • GB2312 – Simplified Chinese, national standard character set.
  • BIG5-HKSCS – Big5 with Hong Kong extensions, Traditional Chinese.
  • Shift_JIS – Japanese.
  • EUC-JP – Japanese.
  • MacRoman – Charset that was used by Mac OS.

If this parameter is omitted, it defaults to the value of the default_charset configuration option in php.ini (UTF-8 unless changed). A charset not in the list above is not recognized: the default encoding is used instead and a warning is emitted. Since invalid-sequence detection depends on the charset, the value passed here must match the encoding the input was actually produced in.
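The following example is added here and is not code from the original page. It assumes PHP 7.0 or later, defines its own helper e() (not a PHP function), and uses constructed inputs. It shows the two failure modes the flags and charset parameters above protect against: a single quote surviving into a single-quoted attribute under the pre-8.1 default flags, and a whole string being discarded when it contains an invalid UTF-8 sequence and ENT_SUBSTITUTE is not set.

```php
<?php
// Added example, not from the original page. It assumes PHP 7.0 or later
// and defines its own helper e(); the inputs below are constructed.

// Escape a value for HTML text or a quoted attribute. The flags and charset
// are passed explicitly so the result does not depend on the PHP version's
// default flags or on php.ini's default_charset.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed attacker input aimed at a single-quoted attribute.
$payload = "x' onmouseover='alert(1)";

// The pre-8.1 default flags (ENT_COMPAT | ENT_HTML401) leave single quotes
// alone, so the payload closes the attribute and adds an event handler.
$weak = htmlspecialchars($payload, ENT_COMPAT | ENT_HTML401, 'UTF-8');
echo "<input value='$weak'>\n";
// <input value='x' onmouseover='alert(1)'>

// With ENT_QUOTES the quote becomes &apos; (ENT_HTML5), so the attribute
// value cannot be terminated early.
echo "<input value='" . e($payload) . "'>\n";
// <input value='x&apos; onmouseover=&apos;alert(1)'>

// Constructed invalid UTF-8: a lead byte \xC3 with no continuation byte.
$broken = "caf\xC3 <script>";

// Without ENT_SUBSTITUTE (or ENT_IGNORE) the whole string is discarded,
// which silently drops content rather than escaping it.
var_dump(htmlspecialchars($broken, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
// string(0) ""

// With ENT_SUBSTITUTE the bad byte becomes U+FFFD and the rest is escaped.
var_dump(e($broken));
// string(21) "caf� &lt;script&gt;"
```

Run it from the command line with php and compare the two <input> lines: the first has gained an onmouseover attribute, the second has not. The empty-string case matters in practice because an attacker who can inject one malformed byte can blank out a field (for example a displayed username) on a PHP version or code path without ENT_SUBSTITUTE.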

double_encode Optional. A Boolean value that specifies whether existing HTML entities in the input should be encoded again. The default is true, which encodes every & including one that already starts an entity (so &amp; becomes &amp;amp;). When false, an & that already forms a valid named or numeric entity is left unchanged and only bare ampersands are encoded.
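The following example is added here and is not code from the original page; the input string is constructed. It shows the effect of double_encode on input that already contains an entity, and why only the default (true) round-trips exactly through htmlspecialchars_decode().

```php
<?php
// Added example, not from the original page. Shows what double_encode does
// to input that already contains an entity; the input string is constructed.

$flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

// "&amp;" is already an entity, the second "&" is bare, "<" must be escaped.
$input = "Tom &amp; Jerry & Co <3";

// double_encode = true (the default): every & is encoded, including the one
// that already starts an entity, so &amp; becomes &amp;amp;.
$twice = htmlspecialchars($input, $flags, 'UTF-8', true);
echo $twice, "\n";
// Tom &amp;amp; Jerry &amp; Co &lt;3

// double_encode = false: an & that already starts a valid entity is left
// alone; only the bare & and the < are encoded.
$once = htmlspecialchars($input, $flags, 'UTF-8', false);
echo $once, "\n";
// Tom &amp; Jerry &amp; Co &lt;3

// Round trip: only the double_encode = true output decodes back to the
// exact input. With double_encode = false the literal "&amp;" in the input
// is indistinguishable from an escaped "&" and is lost on decode.
var_dump(htmlspecialchars_decode($twice, $flags) === $input);               // bool(true)
var_dump(htmlspecialchars_decode($once, $flags) === "Tom & Jerry & Co <3"); // bool(true)
```

Setting double_encode to false is not an injection risk by itself, because an entity still renders as text, but it is usually a sign that the same data is being escaped in two layers. Escape once, at the point of output, and keep the default.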

More Examples

Here are some more examples showing how the htmlspecialchars() function works:

The following example demonstrates the handling of single-quotes using this function.

<?php
// Sample string
$str = "Let's <b>pack</b> \"bag & baggage\".";

// Default flags: convert <, >, & and double quotes (ENT_COMPAT, PHP before 8.1)
$a = htmlspecialchars($str);
echo $a; // Let's &lt;b&gt;pack&lt;/b&gt; &quot;bag &amp; baggage&quot;.
         // PHP 8.1+ (ENT_QUOTES in the default): Let&#039;s &lt;b&gt;pack&lt;/b&gt; &quot;bag &amp; baggage&quot;.

// ENT_QUOTES: convert single quotes too (numeric entity under the default ENT_HTML401)
$b = htmlspecialchars($str, ENT_QUOTES);
echo $b; // Let&#039;s &lt;b&gt;pack&lt;/b&gt; &quot;bag &amp; baggage&quot;.

// ENT_QUOTES | ENT_HTML5: convert single quotes to the named entity &apos;
$c = htmlspecialchars($str, ENT_QUOTES | ENT_HTML5);
echo $c; // Let&apos;s &lt;b&gt;pack&lt;/b&gt; &quot;bag &amp; baggage&quot;.
?>

In the browser all three versions display as the literal text Let's <b>pack</b> "bag & baggage". (the tags are shown, not interpreted). View the page source (right-click and select View Page Source) to see the converted strings.
