PHP htmlentities function

PHP htmlentities function : This function coverts all applicable characters to the HTML entities. It accepts string as input parameter and returns the encoded string.

Let us understand the htmlentities with very basic example – Suppose you have a form and it has a text field textarea and user posts data using this field and you want print each and everything user submits using the form textarea. Suppose he enters raw data like this – <b>Hi its me John</b> now what would happen when user see form data on browser it will show something bold string like this – Hi its me John which is wrong because it should show output like this – <b>Hi its me John</b>.Now to fix this problem convet HTML tags to its equivalent entities. This is done by using the function htmlentities().

for example if you use this –

$string = "<b>Hi its me John</b>";
echo htmlentities($string);

Equivalent html entities will be –

PHP htmlentities function

This will print the output by converting them in entities like – <b>Hi its me John</b<


Note : This function is identical to function htmlspecialchars() almost in all ways except the characters which have HTML entity character entity equivalents are converted to entities.

We are going to explain this function with example and demo.

PHP htmlentities function Syntax

Here is syntax for htmlentities-



Input Parameters

Desription about input parameters of htmlentities-

  • string: This is required input parameter which needs to be encoded.
  • flags:This is optional input parameter which handles single and double quotes. Here are following quote style-
    • ENT_COMPAT : This is default. Converts/Encodes only Double Quotes
    • ENT_QUOTES : This Decodes Both Single and Double Quotes.
    • ENT_NOQUOTES : Encodes neither Single nor Double Quotes.
  • char-set: This is optional parameter. This is basically used to decide which character set to use.
    • UTF-8 : This is Default ASCII Compatible Multi byte 8-bit Unicode.
    • ISO-8859-1 : Western European, Latin-1.
    • ISO-8859-15 : Western European, Latin-9
    • cp866: DOS-specific Cyrillic charset
    • cp1251 : Windows-specific Cyrillic charset.
    • cp1252 : Windows specific charset for Western European
    • KOI8-R : Russian.
    • BIG5 : Traditional Chinese, Specially used in Taiwan.
    • GB2312 : National standard character set.
    • BIG5-HKSCS : Traditional Chinese.
    • Shift_JIS SJIS, SJIS-win, cp932, 932 Japanese
    • EUC-JP :Japanese
    • MacRoman : Charset that was used by Mac OS.
  • double_encode: This is optional parameter which decides whether to encode existing htmlentitis or not. It accepts TRUE and FALSE as parameter.
    • TRUE: Convert Everything.
    • FALSE: Do not convert existing htmlentities.

Return Parameter

Returns the encoded string on the basis of the flags,char-set and double_encode parameters which are optional but plays and important role while encoding process. Here are some example which will make the things more clear about the PHP htmlentities function.

PHP htmlentities function

Here is very basic example of htmlentities function-

html entities function Example:

$string = "<Tutorialsplane Learn Easy!>. Learn 'More' here <b>now</b>";
echo htmlentities($string);

Try It »

If you run the above example it produce the following output as below-

PHP htmlentities function

Note : The above image is HTML output. For Browser output click the below try button.

Try It »

The browser output will be something like this-

Html entities function example

More Examples

Let’s have look over more example and demo here.

htmlentities Example with ENT_COMPAT,ENT_QUOTES & ENT_NOQUOTES

htmlentities Example:

$string = "'Tutorialsplane Learn Easy!' &  Learn 'More' here <b>now</b>";
echo htmlentities($string,ENT_COMPAT)."<br>";
echo htmlentities($string,ENT_QUOTES )."<br>";
echo htmlentities($string,ENT_NOQUOTES)."<br>";

Try It »

The HTML Output of the above example is –

Html entities in php

The Browser Output of the above example is –

Php Htmlentities function browser output

If You want reverse of this function just use –

Learn More – html_entity_decode function

Secure Your Application Using htmlentities

Let us take a very important example which every developer should know and use while working with input fields and storing them in database and displaying them on front end.

Consider you have used htmlentities while displaying data in front end and someone inserts a few lines of javascript to redirect to some other location such as –

Unsafe Data in Html:

<script type="text/javascrit">
window.location = '';

What would happen if this code is not encoded ?? it will consider that you have inserted above piece of javascript in html which will always redirect to the given url instead of printing the above code.

To fix the above problem use htmlentites which convet HTML tags to entities and will print instead on redirecting.

If you use html entities it will convert the above code as –

html entites

So now your html data is secure which will now print the below data instead of redirecting to another url-

<script type="text/javascrit">
window.location = '';


Add Comment

📖 Read More