Example
Convert the predefined characters "<" (less than) and ">" (greater than) to HTML entities:
The HTML output of the code above will be (View Source):
This is some &lt;b&gt;bold&lt;/b&gt; text.
The browser output of the code above will be:
This is some <b>bold</b> text.
Definition and Usage
The htmlspecialchars() function converts some predefined characters to HTML entities.
The predefined characters are:
- & (ampersand) becomes &amp;
- " (double quote) becomes &quot;
- ' (single quote) becomes &#039;
- < (less than) becomes &lt;
- > (greater than) becomes &gt;
Tip: To convert special HTML entities back to characters, use the htmlspecialchars_decode() function.
Syntax
htmlspecialchars(string,flags,character-set,double_encode)
Parameter Values
Parameter - Description

string - Required. Specifies the string to convert

flags - Optional. Specifies how to handle quotes, invalid encoding and the used document type.
The available quote styles are:
- ENT_COMPAT - Default. Encodes only double quotes
- ENT_QUOTES - Encodes double and single quotes
- ENT_NOQUOTES - Does not encode any quotes
Invalid encoding:
- ENT_IGNORE - Ignores invalid encoding instead of having the function return an empty string. Should be avoided, as it may have security implications.
- ENT_SUBSTITUTE - Replaces invalid encoding for a specified character set with a Unicode Replacement Character U+FFFD (UTF-8) or &#xFFFD; instead of returning an empty string.
- ENT_DISALLOWED - Replaces code points that are invalid in the specified doctype with a Unicode Replacement Character U+FFFD (UTF-8) or &#xFFFD;
Additional flags for specifying the used doctype:
- ENT_HTML401 - Default. Handle code as HTML 4.01
- ENT_HTML5 - Handle code as HTML 5
- ENT_XML1 - Handle code as XML 1
- ENT_XHTML - Handle code as XHTML

character-set - Optional. A string that specifies which character-set to use.
Allowed values are:
- UTF-8 - Default. ASCII compatible multi-byte 8-bit Unicode
- ISO-8859-1 - Western European
- ISO-8859-15 - Western European (adds the Euro sign + French and Finnish letters missing in ISO-8859-1)
- cp866 - DOS-specific Cyrillic charset
- cp1251 - Windows-specific Cyrillic charset
- cp1252 - Windows-specific charset for Western European
- KOI8-R - Russian
- BIG5 - Traditional Chinese, mainly used in Taiwan
- GB2312 - Simplified Chinese, national standard character set
- BIG5-HKSCS - Big5 with Hong Kong extensions
- Shift_JIS - Japanese
- EUC-JP - Japanese
- MacRoman - Character-set that was used by Mac OS
Note: Unrecognized character-sets will be ignored and replaced by ISO-8859-1 in versions prior to PHP 5.4. As of PHP 5.4, they will be ignored and replaced by UTF-8.

double_encode - Optional. A boolean value that specifies whether to encode existing HTML entities or not.
- TRUE - Default. Will convert everything
- FALSE - Will not encode existing HTML entities
Technical Details
Return Value: Returns the converted string. If the string contains invalid encoding, it will return an empty string, unless either the ENT_IGNORE or ENT_SUBSTITUTE flags are set.
PHP Version: 4+
Changelog:
- PHP 5.6 - Changed the default value for the character-set parameter to the value of the default charset (in configuration).
- PHP 5.4 - Changed the default value for the character-set parameter to UTF-8.
- PHP 5.4 - Added ENT_SUBSTITUTE, ENT_DISALLOWED, ENT_HTML401, ENT_HTML5, ENT_XML1 and ENT_XHTML.
- PHP 5.3 - Added ENT_IGNORE constant.
- PHP 5.2.3 - Added the double_encode parameter.
- PHP 4.1 - Added the character-set parameter.
More Examples
Example
Convert some predefined characters to HTML entities:
The HTML output of the code above will be (View Source):
I love &quot;PHP&quot;.
The browser output of the code above will be:
I love "PHP".
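The quote-style flags, the invalid-encoding return value and the double_encode parameter described above, shown side by side as an added example that is not part of the original page. The helper name e() and all input strings are constructed for illustration; flags and character set are passed explicitly so the result does not depend on the PHP version or on the default charset in configuration.

```php
<?php
// Added example, not from the original page. All input strings are constructed.

// Hypothetical helper: one place that fixes quote style, invalid-encoding
// handling, doctype and character set for every value written into HTML.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
}

$name = "D'Arcy <b>\"admin\"</b> & co";

// 1. Quote styles inside a single-quoted attribute.
//    ENT_COMPAT and ENT_NOQUOTES leave the ' untouched, so the attribute
//    value ends after "D"; only ENT_QUOTES encodes it.
$styles = [
    'ENT_COMPAT'   => ENT_COMPAT,
    'ENT_QUOTES'   => ENT_QUOTES,
    'ENT_NOQUOTES' => ENT_NOQUOTES,
];
foreach ($styles as $label => $flag) {
    printf("%-12s <input value='%s'>\n", $label, htmlspecialchars($name, $flag, 'UTF-8'));
}

// 2. Invalid encoding. "\xE9" is "é" in ISO-8859-1 but not a valid UTF-8
//    sequence. Without ENT_SUBSTITUTE the whole string is rejected and an
//    empty string comes back; with it, only the bad byte becomes U+FFFD.
$bad = "caf\xE9 <i>";
var_dump(htmlspecialchars($bad, ENT_QUOTES, 'UTF-8'));
var_dump(htmlspecialchars($bad, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));

// 3. double_encode. The input already contains one entity (&amp;).
//    TRUE encodes its ampersand again; FALSE leaves existing entities alone
//    and still encodes the bare & and the angle brackets.
$mixed = 'Fish &amp; chips & <peas>';
echo htmlspecialchars($mixed, ENT_QUOTES, 'UTF-8', true), "\n";
echo htmlspecialchars($mixed, ENT_QUOTES, 'UTF-8', false), "\n";

// 4. The helper used for both an attribute value and element content.
echo '<p title="', e($name), '">', e($bad), "</p>\n";
```

An empty result from the first var_dump() call is easy to miss in templates, because the page simply renders with the value missing.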
What is the need for the htmlspecialchars() function? Explain with an example.
The htmlspecialchars() function is used to convert special characters (e.g. & (ampersand), " (double quote), ' (single quote), < (less than), > (greater than)) to HTML entities (i.e. & (ampersand) becomes &amp;, ' (single quote) becomes &#039;, < (less than) becomes &lt;, > (greater than) becomes &gt;).
What is the use of the htmlentities() function in PHP?
htmlentities() Function: The htmlentities() function is an inbuilt function in PHP that is used to transform all applicable characters to HTML entities.
What does htmlspecialchars return?
This function returns a string with these conversions made. If you require all input substrings that have associated named entities to be translated, use htmlentities() instead.
When should I use htmlspecialchars?
You use htmlspecialchars EVERY time you output content within HTML, so it is interpreted as content and not HTML. If you allow content to be treated as HTML, you have just opened the door to bugs at a minimum, and total XSS hacks at worst.