PHP htmlspecialchars Function


PHP htmlspecialchars Function : It converts Special Characters to HTML entities. This function returns the converted result as string. This function has its own significance and used frequently. The opposite of this functions is htmlspecialchars_decode(). We are going to explain this example with example and demo.

Let us understand the htmlspecialchars with very basic example – We have some raw data like this – <b>Hi it’s me John</b> now what would happen when user see form data on browser it will show something bold string like this – Hi it’s me John which is wrong because it should show output like this – <b>Hi it’s me John</b> . Now to fix this problem convert HTML tags to its equivalent entities. This is done by using the function htmlspecialchars().


PHP htmlspecialchars Function Syntax

It Converts the following HTML Characters only –

  • &(ampersand) = &
  • ” (double quote) = "
  • ‘ (single quote) = '
  • < (less than) = <
  • > (greater than) = >

Here is syntax for the function htmlspecialchars

Syntax

htmlspecialchars(string,flags,char-set,double_encode)

Input Parameters

  • string: String to be converted.
  • flag:flag is optional . This is basically used to specify how to handle the quotes and which document type use.

Here are following flags available-

  • ENT_COMPAT : This is default. Encodes only Double Quotes
  • ENT_QUOTES : This Encodes Both Single and Double Quotes.
  • ENT_NOQUOTES : Encodes neither Single nor Double Quotes.
  • ENT_IGNORE : Ignore invalid code unit sequences instead of returning empty string.
  • ENT_SUBSTITUTE : Replace invalid code unit sequence with a unicode replacement
    charecter U+FFFD (UTF-8) or &#FFFD; (otherwise) instead of returning an empty string
  • ENT_DISALLOWED : Replace invalid code points in the given document type with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD;.
  • ENT_HTML401 : Handle code as HTML 4.01.
  • ENT_XML1 : Handle code as XML 1.
  • ENT_XHTML : Handle code as XHTML.
  • ENT_HTML5 : Handle code as HTML 5.
  • char-set: This is optional parameter. This is basically used to decide which character set to use.
    • UTF-8 : This is Default ASCII Compatible Multi byte 8-bit Unicode.
    • ISO-8859-1 : Western European, Latin-1.
    • ISO-8859-15 : Western European, Latin-9
    • cp866: DOS-specific Cyrillic charset
    • cp1251 : Windows-specific Cyrillic charset.
    • cp1252 : Windows specific charset for Western European
    • KOI8-R : Russian.
    • BIG5 : Traditional Chinese, Specially used in Taiwan.
    • GB2312 : National standard character set.
    • BIG5-HKSCS : Traditional Chinese.
    • Shift_JIS SJIS, SJIS-win, cp932, 932 Japanese
    • EUC-JP :Japanese
    • MacRoman : Charset that was used by Mac OS.
  • double_encode: This is optional parameter which decides whether to encode existing htmlentitis or not. It accepts TRUE and FALSE as parameter.
    • TRUE: Encode Everything.
    • FALSE: Do not encode existing htmlentities.

Return Values

This function returns the encodeed string.

Php Version

Supports in php 4+

PHP htmlspecialchars function example

PHP htmlspecialchars function example with single quotes

$string = "<b>Hi it's me John</b>";
echo htmlspecialchars($string);

Try it »

Above Example will produce following output-

HTML Output

PHP htmlspecialchars function example

Browser Output

PHP htmlspecialchars function example

PHP htmlspecialchars function example

PHP htmlspecialchars function example with double quotes

$string = '<b>"Hello World"</b>';
echo htmlspecialchars($string);

Try it »

HTML Output

PHP htmlspecialchars function example

Browser Output

PHP htmlspecialchars example

Note : Using htmlspecialchars is good practice. Use this when working with data output or working with characters and entities.

More About htmlspecialchars Funtion

Let’s have some more information about this function.


PHP htmlspecialchars vs htmlentities

The difference between htmlspecialchars and entities is given below-

  • htmlentities — Converts/Encodes all applicable characters to HTML entities.
  • htmlspecialchars — Converts/Encodes only special characters to HTML entities.
  • htmlspecialchars does not converts all characters having their html equivalent.
  • If output is XML you can’t use HTML entities in a XML file.
  • htmlentities converts more characters than htmlspecialshars so htmlspecialchars is more efficient.
  • If your page have encoding ASCII or LATIN-1 use htmlentities else use htmlspecialchars.

Read full documentations about htmlentities with example and demo – htmlentities

Tip : Use both the functions where they are needed because both have different efficiency.

PHP htmlspecialchars reverse

If want to perform reverse operation of htmlspecialchars use – htmlspecialchars_decode.

Try Video Demo – All In One Video for this method –

PHP htmlspcialchars function Video Demo –


Advertisements

Add Comment

📖 Read More