What is the htmlspecialchars() function? Explain with an example.
Example
Convert the predefined characters "<" (less than) and ">" (greater than) to HTML entities:

    $str = "This is some <b>bold</b> text.";
    echo htmlspecialchars($str);

The HTML output of the code above will be (View Source):

    This is some &lt;b&gt;bold&lt;/b&gt; text.

The browser output of the code above will be:

    This is some <b>bold</b> text.

Definition and Usage
The htmlspecialchars() function converts some predefined characters to HTML entities. The predefined characters are:
& (ampersand) becomes &amp;
" (double quote) becomes &quot;
' (single quote) becomes &#039;
< (less than) becomes &lt;
> (greater than) becomes &gt;

Tip: To convert special HTML entities back to characters, use the htmlspecialchars_decode() function.

Syntax

    htmlspecialchars(string,flags,character-set,double_encode)

More Examples

Example
Convert some predefined characters to HTML entities:

    $str = "Jane & 'Tarzan'";
    foreach ([ENT_COMPAT, ENT_QUOTES, ENT_NOQUOTES] as $flags) echo htmlspecialchars($str, $flags), "\n"; // one line per flag

The HTML output of the code above will be (View Source):

    Jane &amp; 'Tarzan'
    Jane &amp; &#039;Tarzan&#039;
    Jane &amp; 'Tarzan'

In the browser, each of these lines displays as:

    Jane & 'Tarzan'

Example
Convert double quotes to HTML entities:

    $str = 'I love "PHP".';
    echo htmlspecialchars($str);

The HTML output of the code above will be (View Source):

    I love &quot;PHP&quot;.

The browser output of the code above will be:

    I love "PHP".

What is the need of the htmlspecialchars() function? Explain with an example.
The htmlspecialchars() function is used to convert special characters (e.g. & (ampersand), " (double quote), ' (single quote), < (less than), > (greater than)) to HTML entities (i.e. & (ampersand) becomes &amp;, ' (single quote) becomes &#039;, < (less than) becomes &lt;, > (greater than) becomes &gt;).

What is the use of the htmlentities() function in PHP?
htmlentities() is a built-in PHP function that converts every character that has an HTML entity equivalent into that entity.

What does htmlspecialchars() return?
This function returns a string with these conversions made. If you require all input substrings that have associated named entities to be translated, use htmlentities() instead.

When should I use htmlspecialchars()?
You use htmlspecialchars() EVERY time you output content within HTML, so it is interpreted as content and not HTML. If you allow content to be treated as HTML, you have just opened the door to bugs at a minimum, and total XSS hacks at worst.
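
The rule above applied with explicit flags, as an added example that is not code from the original page: one constructed string is escaped for element content and for a single-quoted attribute, with the weak ENT_COMPAT setting beside ENT_QUOTES, followed by the double_encode parameter, invalid UTF-8 input and htmlspecialchars_decode(). The helper name e() and all input strings are assumptions made for the illustration.

```php
<?php
// Added example, not from the original page. e() is a hypothetical helper name
// and every input string below is constructed sample data.

function e(string $value): string
{
    // Flags and charset are passed explicitly because the default flags changed
    // in PHP 8.1; relying on the default gives version-dependent quote handling.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$input = "Tom & \"Jerry's\" <b>fan</b>"; // contains all five predefined characters

// Element content: the <b> tag in the input is displayed as text, not parsed.
echo '<p>', e($input), "</p>\n";

// Single-quoted attribute, weak setting: ENT_COMPAT leaves the apostrophe raw,
// so the browser ends the value at the apostrophe and parses the rest as attributes.
echo "<input value='", htmlspecialchars($input, ENT_COMPAT, 'UTF-8'), "'>\n";

// Same attribute, corrected: ENT_QUOTES escapes the apostrophe as well.
echo "<input value='", e($input), "'>\n";

// double_encode (4th parameter): by default an existing entity is escaped again;
// false leaves entities already present in the input untouched.
echo e('AT&amp;T'), "\n";
echo htmlspecialchars('AT&amp;T', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false), "\n";

// Invalid UTF-8 (a lone Latin-1 byte): without ENT_SUBSTITUTE the whole result is
// an empty string; with it the bad byte becomes U+FFFD and the rest survives.
$bad = "caf\xE9 <i>";
var_dump(htmlspecialchars($bad, ENT_QUOTES, 'UTF-8'));
var_dump(e($bad));

// htmlspecialchars_decode() reverses the conversion when given the same quote flag.
var_dump(htmlspecialchars_decode(e($input), ENT_QUOTES) === $input);
```

htmlspecialchars() covers HTML text and quoted attribute values only. Data placed inside a script block, a URL attribute such as href, or an unquoted attribute needs encoding or validation specific to that context.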