PHP htmlspecialchars() function

Examples

Convert the predefined characters "<" (less than) and ">" (greater than) to HTML entities:

<?php
$str = "This is some <b>bold</b> text.";
echo htmlspecialchars($str);
?>

HTML output of the code above is as follows (view source):

<!DOCTYPE html>
<html>
<body>
This is some &lt;b&gt;bold&lt;/b&gt; text.
</body>
</html>

Browser output of the code above is as follows:

This is some <b>bold</b> text.

Definition and Usage

The htmlspecialchars() function converts some predefined characters to HTML entities.

The predefined characters are:

  • & (ampersand) becomes &amp;
  • " (double quote) becomes &quot;
  • ' (single quote) becomes &#039;
  • < (less than) becomes &lt;
  • > (greater than) becomes &gt;

Tip: To convert special HTML entities back to characters, use the htmlspecialchars_decode() function.


Syntax

htmlspecialchars(string, flags, character-set, double_encode)

Parameter Description
string Required. Specifies the string to convert.
flags Optional. Specifies how to handle quotes, invalid encoding and the document type used.

Available quote types:

  • ENT_COMPAT - Default. Encodes only double quotes.
  • ENT_QUOTES - Encodes double and single quotes.
  • ENT_NOQUOTES - Does not encode any quotes.

Invalid encoding:

  • ENT_IGNORE - Ignores invalid encoding instead of having the function return an empty string. It should be avoided, as it may have security implications.
  • ENT_SUBSTITUTE - Replaces invalid encoding with the Unicode replacement character U+FFFD (UTF-8) or &#FFFD; instead of returning an empty string.
  • ENT_DISALLOWED - Replaces code points that are invalid in the specified document type with the Unicode replacement character U+FFFD (UTF-8) or &#FFFD;.

Additional flags for specifying the document type used:

  • ENT_HTML401 - Default. Handles code as HTML 4.01.
  • ENT_HTML5 - Handles code as HTML 5.
  • ENT_XML1 - Handles code as XML 1.
  • ENT_XHTML - Handles code as XHTML.
character-set Optional. A string that specifies which character set to use.

Allowed values:

  • UTF-8 - Default. ASCII-compatible multi-byte 8-bit Unicode
  • ISO-8859-1 - Western European
  • ISO-8859-15 - Western European (adds the euro sign and the French and Finnish letters missing in ISO-8859-1)
  • cp866 - DOS-specific Cyrillic character set
  • cp1251 - Windows-specific Cyrillic character set
  • cp1252 - Windows-specific Western European character set
  • KOI8-R - Russian
  • BIG5 - Traditional Chinese, mainly used in Taiwan
  • GB2312 - Simplified Chinese, national standard character set
  • BIG5-HKSCS - Big5 with Hong Kong extensions
  • Shift_JIS - Japanese
  • EUC-JP - Japanese
  • MacRoman - character set used by the Mac operating system

Note: In versions of PHP prior to 5.4, unrecognized character sets are ignored and replaced by ISO-8859-1. As of PHP 5.4, unrecognized character sets are ignored and replaced by UTF-8.

double_encode Optional. A Boolean value that specifies whether to encode existing HTML entities.
  • TRUE - Default. Converts every entity.
  • FALSE - Does not encode existing HTML entities.

Technical Details

Return value: Returns the converted string.

If the string contains invalid encoding, an empty string is returned, unless the ENT_IGNORE or ENT_SUBSTITUTE flag is set.
PHP version: 4+
Changelog: In PHP 5, the default value of the character-set parameter changed to UTF-8.

In PHP 5.4, added: ENT_SUBSTITUTE, ENT_DISALLOWED, ENT_HTML401, ENT_HTML5, ENT_XML1 and ENT_XHTML.

In PHP 5.3, added ENT_IGNORE.

In PHP 5.2.3, added the double_encode parameter.

In PHP 4.1, added the character-set parameter.


More Examples

Example 1

Convert some predefined characters to HTML entities:

<?php
$str = "Jane & 'Tarzan'";
echo htmlspecialchars($str, ENT_COMPAT); // Will only convert double quotes
echo "<br>";
echo htmlspecialchars($str, ENT_QUOTES); // Converts double and single quotes
echo "<br>";
echo htmlspecialchars($str, ENT_NOQUOTES); // Does not convert any quotes
?>

HTML output of the code above is as follows (view source):

<!DOCTYPE html>
<html>
<body>
Jane &amp; 'Tarzan'<br>
Jane &amp; &#039;Tarzan&#039;<br>
Jane &amp; 'Tarzan'
</body>
</html>

Browser output of the code above is as follows:

Jane & 'Tarzan'
Jane & 'Tarzan'
Jane & 'Tarzan'

Example 2

Convert double quotes to HTML entities:

<?php
$str = 'I love "PHP".';
echo htmlspecialchars($str, ENT_QUOTES); // Converts double and single quotes
?>

HTML output of the code above is as follows (view source):

<!DOCTYPE html>
<html>
<body>
I love &quot;PHP&quot;.
</body>
</html>

Browser output of the code above is as follows:

I love "PHP".
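
The flags and double_encode parameters described above, as an added example that is not part of the original page: it contrasts ENT_COMPAT with ENT_QUOTES inside a single-quoted attribute, shows the three outcomes for invalid UTF-8 input, and shows the effect of double_encode. The helper name esc() and all sample strings are constructed for illustration.

```php
<?php
// Added example. esc() is a hypothetical helper name; all inputs are constructed.

// Encode for HTML text and for quoted attribute values. Flags are passed
// explicitly: since PHP 8.1 the default is no longer ENT_COMPAT but
// ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// 1. Quote flags. In a single-quoted attribute, ENT_COMPAT leaves ' as is,
//    so the value ends early and the rest is parsed as a new attribute.
$name = "x' title='set by input";
$weak = "<input value='" . htmlspecialchars($name, ENT_COMPAT, 'UTF-8') . "'>";
$safe = "<input value='" . esc($name) . "'>";

// 2. Invalid encoding: a lone 0xE9 byte (Latin-1 "é") is not valid UTF-8.
$bad     = "caf\xE9 <b>";
// No invalid-encoding flag: the whole result is an empty string.
$noFlag  = htmlspecialchars($bad, ENT_QUOTES, 'UTF-8');
// ENT_IGNORE: the bad byte is silently dropped, hiding the problem.
$ignore  = htmlspecialchars($bad, ENT_QUOTES | ENT_IGNORE, 'UTF-8');
// ENT_SUBSTITUTE (via esc): the bad byte is replaced by U+FFFD and stays visible.
$replace = esc($bad);

// 3. double_encode: text that already contains an entity.
$stored = 'Tom &amp; Jerry <3';
// TRUE: the & of the existing entity is encoded again.
$twice  = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', true);
// FALSE: the existing entity is left alone, only the bare < is encoded.
$once   = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', false);

// Print every result as a quoted PHP literal so empty strings are visible.
$results = compact('weak', 'safe', 'noFlag', 'ignore', 'replace', 'twice', 'once');
foreach ($results as $label => $out) {
    printf("%-8s %s\n", $label, var_export($out, true));
}
```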
