Convert the predefined characters "<" (less than) and ">" (greater than) to HTML entities:
```php
<?php
$str = "This is some <b>bold</b> text.";
echo htmlspecialchars($str);
?>
```

The HTML output of the above code is as follows (view source code):

```html
<!DOCTYPE html>
<html>
<body>
This is some &lt;b&gt;bold&lt;/b&gt; text.
</body>
</html>
```

The browser output of the above code is as follows:

This is some <b>bold</b> text.

The htmlspecialchars() function converts some predefined characters into HTML entities.
The predefined characters are:
& (ampersand) becomes &amp;
" (double quote) becomes &quot;
' (single quote) becomes &#039;
< (less than) becomes &lt;
> (greater than) becomes &gt;
Tip: To convert special HTML entities back to characters, use the htmlspecialchars_decode() function.
htmlspecialchars(string, flags, character-set, double_encode)

Parameter | Description |
---|---|
string | Required. Specifies the string to be converted. |
flags | Optional. Specifies how to handle quotes, invalid encodings, and which document type to use. Available quote types: ENT_COMPAT - Default. Only double quotes are encoded; ENT_QUOTES - Encodes double and single quotes; ENT_NOQUOTES - Does not encode any quotes. Invalid encoding: ENT_IGNORE - Ignores invalid encodings instead of having the function return an empty string. This should be avoided because it may have security implications; ENT_SUBSTITUTE - Replaces an invalid encoding with the Unicode replacement character U+FFFD (UTF-8) or &#xFFFD; instead of returning an empty string; ENT_DISALLOWED - Replaces code points that are invalid in the specified document type with the Unicode replacement character U+FFFD (UTF-8) or &#xFFFD;. Additional flags specifying the document type to use: ENT_HTML401 - Default. Code is processed as HTML 4.01; ENT_HTML5 - Code is processed as HTML 5; ENT_XML1 - Code is processed as XML 1; ENT_XHTML - Code is processed as XHTML. |
character-set | Optional. A string specifying the character set to be used. Allowed values: UTF-8 - Default. ASCII compatible multi-byte 8-bit Unicode; ISO-8859-1 - Western Europe; ISO-8859-15 - Western Europe (adds the euro symbol and the French and Finnish letters missing from ISO-8859-1); cp866 - DOS-specific Cyrillic character set; cp1251 - Windows-specific Cyrillic character set; cp1252 - Windows-specific Western European character set; KOI8-R - Russian; BIG5 - Traditional Chinese, mainly used in Taiwan; GB2312 - Simplified Chinese, national standard character set; BIG5-HKSCS - Big5 with Hong Kong extension; Shift_JIS - Japanese; EUC-JP - Japanese; MacRoman - Character set used by the Mac operating system. Note: In versions prior to PHP 5.4, unrecognized character sets were ignored and replaced by ISO-8859-1. As of PHP 5.4, unrecognized character sets are ignored and replaced by UTF-8. |
double_encode | Optional. A Boolean value that specifies whether to encode existing HTML entities. TRUE - Default. Each entity will be converted. FALSE - Existing HTML entities will not be encoded. |

Return value: | Returns the converted string. If string contains an invalid encoding, an empty string is returned unless the ENT_IGNORE or ENT_SUBSTITUTE flag is set. |
---|---|
PHP version: | 4+ |
Update log: | In PHP 5, the default value of the character-set parameter changed to UTF-8. PHP 5.4 added ENT_SUBSTITUTE, ENT_DISALLOWED, ENT_HTML401, ENT_HTML5, ENT_XML1, and ENT_XHTML. PHP 5.3 added ENT_IGNORE. PHP 5.2.3 added the double_encode parameter. PHP 4.1 added the character-set parameter. |
Convert some predefined characters into HTML entities:
```php
<?php
$str = "Jane & 'Tarzan'";
echo htmlspecialchars($str, ENT_COMPAT); // Default, only double quotes are encoded
echo "<br>";
echo htmlspecialchars($str, ENT_QUOTES); // Encode double quotes and single quotes
echo "<br>";
echo htmlspecialchars($str, ENT_NOQUOTES); // Do not encode any quotes
?>
```

The HTML output of the above code is as follows (view source code):

```html
<!DOCTYPE html>
<html>
<body>
Jane &amp; 'Tarzan'<br>
Jane &amp; &#039;Tarzan&#039;<br>
Jane &amp; 'Tarzan'
</body>
</html>
```

The browser output of the above code is as follows:

Jane & 'Tarzan'
Jane & 'Tarzan'
Jane & 'Tarzan'

Convert double quotes to HTML entities:

```php
<?php
$str = 'I love "PHP".';
echo htmlspecialchars($str, ENT_QUOTES); // Encode double quotes and single quotes
?>
```

The HTML output of the above code is as follows (view source code):

```html
<!DOCTYPE html>
<html>
<body>
I love &quot;PHP&quot;.
</body>
</html>
```

The browser output of the above code is as follows:
I love "PHP".
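
The flags in the parameter table decide whether escaped output is safe inside a single-quoted attribute and what happens to invalid input. The following is an added example, not code from the original page, that contrasts ENT_COMPAT with ENT_QUOTES, shows ENT_SUBSTITUTE on invalid UTF-8, and shows the effect of double_encode; the helper name `e()` and all sample strings are constructed for illustration. PHP 8.1 changed the default flags to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, so passing flags and character set explicitly keeps the behaviour identical on older and newer versions.

```php
<?php
// Added example, not from the original page. Helper name and sample values are constructed.

// Hypothetical helper: escape for HTML text and quoted attribute values.
function e(string $value): string
{
    // ENT_QUOTES encodes both " and '. ENT_SUBSTITUTE swaps invalid byte
    // sequences for U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
}

// 1. Single-quoted attribute. Constructed input containing a single quote.
$name = "x' data-injected='1";

// ENT_COMPAT leaves ' as is, so the value ends the attribute early and the
// rest of the string is parsed as a new attribute.
echo "<input value='" . htmlspecialchars($name, ENT_COMPAT, 'UTF-8') . "'>\n";

// With ENT_QUOTES the quote is an entity and the value stays inside the attribute.
echo "<input value='" . e($name) . "'>\n";

// 2. Invalid encoding. Constructed input: a lone 0xC3 byte is not valid UTF-8.
$bad = "caf\xC3";

// Without ENT_SUBSTITUTE or ENT_IGNORE the whole result is an empty string,
// which can silently blank a field in the rendered page.
var_dump(htmlspecialchars($bad, ENT_QUOTES, 'UTF-8'));

// With ENT_SUBSTITUTE only the bad byte is replaced by U+FFFD.
var_dump(e($bad));

// 3. double_encode. Constructed input that already contains an entity.
$stored = "Tom &amp; Jerry <3";

// true (default): the & of &amp; is encoded again.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', true), "\n";

// false: the existing entity is kept, the bare < is still encoded.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', false), "\n";
```

htmlspecialchars() covers HTML text and quoted attribute values only; unquoted attributes, URLs, and inline script or style need context-specific encoding.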