PHP htmlspecialchars() Function
PHP String Reference
Example
Convert the predefined characters "<" (less than) and ">" (greater than) to HTML entities:
<?php
$str = "This is some <b>bold</b> text.";
echo htmlspecialchars($str);
?>
The HTML output of the code above will be (View Source):
<!DOCTYPE html>
<html>
<body>
This is some &lt;b&gt;bold&lt;/b&gt; text.
</body>
</html>
The browser output of the code above will be:
This is some <b>bold</b> text.
Definition and Usage
The htmlspecialchars() function converts some predefined characters to HTML entities.
The predefined characters are:
- & (ampersand) becomes &amp;
- " (double quote) becomes &quot;
- ' (single quote) becomes &#039;
- < (less than) becomes &lt;
- > (greater than) becomes &gt;
Tip: To convert special HTML entities back to characters, use the htmlspecialchars_decode() function.
Syntax
htmlspecialchars(string,flags,character-set,double_encode)
Parameters:
- string - Required. Specifies the string to convert
- flags - Optional. Specifies how to handle quotes, invalid encoding and the used document type.
  The available quote styles are:
  - ENT_COMPAT - Default. Encodes only double quotes
  - ENT_QUOTES - Encodes double and single quotes
  - ENT_NOQUOTES - Does not encode any quotes
  Invalid encoding:
  - ENT_IGNORE - Ignores invalid encoding instead of having the function return an empty string. Should be avoided, as it may have security implications.
  - ENT_SUBSTITUTE - Replaces invalid encoding for a specified character set with a Unicode Replacement Character U+FFFD (UTF-8) or &#xFFFD; instead of returning an empty string.
  - ENT_DISALLOWED - Replaces code points that are invalid in the specified doctype with a Unicode Replacement Character U+FFFD (UTF-8) or &#xFFFD;
  Additional flags for specifying the used doctype:
  - ENT_HTML401 - Default. Handle code as HTML 4.01
  - ENT_HTML5 - Handle code as HTML 5
  - ENT_XML1 - Handle code as XML 1
  - ENT_XHTML - Handle code as XHTML
- character-set - Optional. A string that specifies which character-set to use. Allowed values are:
  - UTF-8 - Default. ASCII compatible multi-byte 8-bit Unicode
  - ISO-8859-1 - Western European
  - ISO-8859-15 - Western European (adds the Euro sign + French and Finnish letters missing in ISO-8859-1)
  - cp866 - DOS-specific Cyrillic charset
  - cp1251 - Windows-specific Cyrillic charset
  - cp1252 - Windows specific charset for Western European
  - KOI8-R - Russian
  - BIG5 - Traditional Chinese, mainly used in Taiwan
  - GB2312 - Simplified Chinese, national standard character set
  - BIG5-HKSCS - Big5 with Hong Kong extensions
  - Shift_JIS - Japanese
  - EUC-JP - Japanese
  - MacRoman - Character-set that was used by Mac OS
  Note: Unrecognized character-sets will be ignored and replaced by ISO-8859-1 in versions prior to PHP 5.4. As of PHP 5.4, it will be ignored and replaced by UTF-8.
- double_encode - Optional. A boolean value that specifies whether to encode existing HTML entities or not.
  - TRUE - Default. Will convert everything
  - FALSE - Will not encode existing HTML entities
Technical Details
Return Value: Returns the converted string. If the string contains invalid encoding, it will return an empty string, unless either the ENT_IGNORE or ENT_SUBSTITUTE flags are set
PHP Version: 4+
Changelog:
- The default value for the character-set parameter was changed to UTF-8 in PHP 5
- ENT_SUBSTITUTE, ENT_DISALLOWED, ENT_HTML401, ENT_HTML5, ENT_XML1 and ENT_XHTML were added in PHP 5.4
- ENT_IGNORE was added in PHP 5.3
- The double_encode parameter was added in PHP 5.2.3
- The character-set parameter was added in PHP 4.1
More Examples
Example 1
Convert some predefined characters to HTML entities:
<?php
$str = "Jane & 'Tarzan'";
echo htmlspecialchars($str, ENT_COMPAT); // Will only convert double quotes
echo "<br>";
echo htmlspecialchars($str, ENT_QUOTES); // Converts double and single quotes
echo "<br>";
echo htmlspecialchars($str, ENT_NOQUOTES); // Does not convert any quotes
?>
The HTML output of the code above will be (View Source):
<!DOCTYPE html>
<html>
<body>
Jane &amp; 'Tarzan'<br>
Jane &amp; &#039;Tarzan&#039;<br>
Jane &amp; 'Tarzan'
</body>
</html>
The browser output of the code above will be:
Jane & 'Tarzan'
Jane & 'Tarzan'
Jane & 'Tarzan'
Example 2
Convert double quotes to HTML entities:
<?php
$str = 'I love "PHP".';
echo htmlspecialchars($str, ENT_QUOTES);
// Converts double and single quotes
?>
The HTML output of the code above will be (View Source):
<!DOCTYPE html>
<html>
<body>
I love &quot;PHP&quot;.
</body>
</html>
The browser output of the code above will be:
I love "PHP".
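Added example (not part of the original page): the quote-style, invalid-encoding and double_encode behaviour described under Syntax, shown side by side in one script. The helper name e() and the sample strings are assumptions constructed for illustration; the flags are passed explicitly because the default changed to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 in PHP 8.1, so relying on the default gives different output on different PHP versions.

```php
<?php
// Hypothetical helper (the name e() is an assumption, not a PHP built-in):
// one place that pins flags and character set for every value written
// into HTML text or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$name    = "Jane & 'Tarzan'";
$invalid = "caf\xE9";          // ISO-8859-1 byte sequence, not valid UTF-8
$encoded = "Tom &amp; Jerry";  // already contains an entity

// 1. Quote style. ENT_COMPAT leaves the apostrophe as-is, so inside a
//    single-quoted attribute the value ends at the first apostrophe.
//    ENT_QUOTES encodes it and the attribute stays intact.
$compat = htmlspecialchars($name, ENT_COMPAT, 'UTF-8');
echo "ENT_COMPAT: <input value='$compat'>\n";
echo "ENT_QUOTES: <input value='" . e($name) . "'>\n";

// 2. Invalid encoding. Without ENT_SUBSTITUTE (or ENT_IGNORE) the function
//    returns an empty string and the whole value silently disappears;
//    ENT_SUBSTITUTE keeps the valid part and replaces the bad byte with U+FFFD.
$strict = htmlspecialchars($invalid, ENT_QUOTES, 'UTF-8');
echo "strict result is empty: ";
var_dump($strict === '');
echo "with ENT_SUBSTITUTE: ";
var_dump(e($invalid));

// 3. double_encode. TRUE (default) encodes the & of an existing entity
//    again; FALSE leaves existing entities untouched.
echo "double_encode = TRUE:  ";
var_dump(e($encoded));
echo "double_encode = FALSE: ";
var_dump(htmlspecialchars($encoded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false));
```

Run it from the command line (php file.php) to see the raw strings rather than the browser-rendered result.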