PHP Tutorial - PHP htmlspecialchars() Function
Definition
The htmlspecialchars() function converts some predefined characters to HTML entities.
The predefined characters are:
- & (ampersand) becomes &
- " (double quote) becomes "
- ' (single quote) becomes '
- < (less than) becomes <
- > (greater than) becomes >
To convert special HTML entities back to characters, use the htmlspecialchars_decode() function.
Syntax
PHP htmlspecialchars() Function has the following syntax.
string htmlspecialchars ( string $string [, int $flags = ENT_COMPAT | ENT_HTML401 [, string $encoding = 'UTF-8' [, bool $double_encode = true ]]] )Parameter
- string - The string being converted.
- flags - A bitmask of one or more of the following flags, which specify how to handle quotes, invalid code unit sequences and the used document type. The default is ENT_COMPAT | ENT_HTML401.
- encoding - Defines encoding used in conversion. If omitted, the default value for this argument is ISO-8859-1 in versions of PHP prior to 5.4.0, and UTF-8 from PHP 5.4.0 onwards.
- double_encode - When double_encode is turned off PHP will not encode existing html entities, the default is to convert everything.
Available flags constants
| Constant Name | Description |
|---|---|
| ENT_COMPAT | Will convert double-quotes and leave single-quotes alone. |
| ENT_QUOTES | Will convert both double and single quotes. |
| ENT_NOQUOTES | Will leave both double and single quotes unconverted. |
| ENT_IGNORE | Silently discard invalid code unit sequences instead of returning an empty string. Using this flag is discouraged as it ? may have security implications. |
| ENT_SUBSTITUTE | Replace invalid code unit sequences with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD; (otherwise) instead of returning an empty string. |
| ENT_DISALLOWED | Replace invalid code points for the given document type with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD; (otherwise) instead of leaving them as is. This may be useful, for instance, to ensure the well-formedness of XML documents with embedded external content. |
| ENT_HTML401 | Handle code as HTML 4.01. |
| ENT_XML1 | Handle code as XML 1. |
| ENT_XHTML | Handle code as XHTML. |
| ENT_HTML5 | Handle code as HTML 5. |
For the purposes of this function, the encodings ISO-8859-1, ISO-8859-15, UTF-8, cp866, cp1251, cp1252, and KOI8-R are effectively equivalent, provided the string itself is valid for the encoding, as the characters affected by htmlspecialchars() occupy the same positions in all of these encodings.
The following character sets are supported:
| Charset | Aliases | Description |
|---|---|---|
| ISO-8859-1 | ISO8859-1 | Western European, Latin-1. |
| ISO-8859-5 | ISO8859-5 | Little used cyrillic charset (Latin/Cyrillic). |
| ISO-8859-15 | ISO8859-15 | Western European, Latin-9. Adds the Euro sign, French and Finnish letters missing in Latin-1 (ISO-8859-1). |
| UTF-8 | NoAlias | ASCII compatible multi-byte 8-bit Unicode. |
| cp866 | ibm866, 866 | DOS-specific Cyrillic charset. |
| cp1251 | Windows-1251, win-1251, 1251 | Windows-specific Cyrillic charset. |
| cp1252 | Windows-1252, 1252 | Windows specific charset for Western European. |
| KOI8-R | koi8-ru, koi8r | Russian. |
| BIG5 | 950 | Traditional Chinese, mainly used in Taiwan. |
| GB2312 | 936 | Simplified Chinese, national standard character set. |
| BIG5-HKSCS | NoAlias | Big5 with Hong Kong extensions, Traditional Chinese. |
| Shift_JIS | SJIS, SJIS-win, cp932, 932 | Japanese |
| EUC-JP | EUCJP, eucJP-win | Japanese |
| MacRoman | NoAlias | Charset that was used by Mac OS. |
| '' | NoAlias | An empty string activates detection from script encoding (Zend multibyte), default_charset and current locale (see nl_langinfo() and setlocale()), in this order. Not recommended. |
Return
PHP htmlspecialchars() Function returns the converted string.
Example 1
Convert the predefined characters "&" (less than) and ">" (greater than) to HTML entities:
<?php
$str = "This is some <b>bold</b> text.";
echo htmlspecialchars($str);
?>
The code above generates the following result.
Example
Convert some predefined characters to HTML entities:
<?php
$str = "PHP & 'Java'";
echo htmlspecialchars($str, ENT_COMPAT); // Will only convert double quotes
echo "<br>";
echo htmlspecialchars($str, ENT_QUOTES); // Converts double and single quotes
echo "<br>";
echo htmlspecialchars($str, ENT_NOQUOTES); // Does not convert any quotes
?>
The code above generates the following result.
