PHP htmlspecialchars() function

Example

Convert predefined characters "<" (less than) and ">" (greater than) to HTML entities:

<?php
$str = "This is some <b>bold</b> text.";
echo htmlspecialchars($str);
?>

The HTML output of the code above will be (view source):

<!DOCTYPE html>
<html>
<body>
This is some &lt;b&gt;bold&lt;/b&gt; text.
</body>
</html>

The browser output of the code above will be:

This is some <b>bold</b> text.


Definition and usage

The htmlspecialchars() function converts predefined characters to HTML entities.

Predefined characters are:

  • & (ampersand) becomes &amp;
  • " (double quote) becomes &quot;
  • ' (single quote) becomes &#039;
  • < (less than) becomes &lt;
  • > (greater than) becomes &gt;

Tip: To convert special HTML entities back to characters, use the htmlspecialchars_decode() function.

Syntax

htmlspecialchars(string,flags,character-set,double_encode)
Parameters Description
string Required. Specifies the string to be converted.
flags

Optional. Specifies how to handle quotes, invalid encoding, and which document type to use.

Available quote types:

  • ENT_COMPAT - Default. Encode double quotes only.
  • ENT_QUOTES - Encode both double and single quotes.
  • ENT_NOQUOTES - Do not encode any quotes.

Invalid encoding:

  • ENT_IGNORE - Ignore invalid encoding instead of returning an empty string. It should be avoided as it may have security implications.
  • ENT_SUBSTITUTE - Replace invalid encoding for the specified character set with the Unicode replacement character U+FFFD (UTF-8) or &#xFFFD;, rather than returning an empty string.
  • ENT_DISALLOWED - Replace code points that are invalid in the specified document type with the Unicode replacement character U+FFFD (UTF-8) or &#xFFFD;.

Additional flags for specifying the document type used:

  • ENT_HTML401 - Default. Process code as HTML 4.01.
  • ENT_HTML5 - Process code as HTML 5.
  • ENT_XML1 - Process code as XML 1.
  • ENT_XHTML - Process code as XHTML.
character-set

Optional. A string that specifies the character set to be used.

Allowed values:

  • UTF-8 - Default. ASCII-compatible 8-bit Unicode
  • ISO-8859-1 - Western Europe
  • ISO-8859-15 - Western Europe (includes euro symbol + missing French and Finnish letters in ISO-8859-1)
  • cp866 - DOS-specific Cyrillic character set
  • cp1251 - Windows-specific Cyrillic character set
  • cp1252 - Windows-specific Western European character set
  • KOI8-R - Russian
  • BIG5 - Traditional Chinese, mainly used in Taiwan
  • GB2312 - Simplified Chinese, national standard character set
  • BIG5-HKSCS - Big5 with Hong Kong extension
  • Shift_JIS - Japanese
  • EUC-JP - Japanese
  • MacRoman - Character set used by the Mac operating system

Note: In versions of PHP prior to 5.4, unrecognized character sets were ignored and replaced by ISO-8859-1. Starting from PHP 5.4, unrecognized character sets are ignored and replaced by UTF-8.

double_encode

Optional. Boolean value, specifies whether to encode existing HTML entities.

  • TRUE - Default. Encodes everything, including existing HTML entities.
  • FALSE - Will not encode existing HTML entities.

Technical details

Return value:

Returns the converted string.

If the string contains invalid encoding, an empty string is returned unless the ENT_IGNORE or ENT_SUBSTITUTE flags are set.

PHP version: 4+
Update log:

In PHP 5, the default value of the character-set parameter was changed to UTF-8.

In PHP 5.4, the following were added: ENT_SUBSTITUTE, ENT_DISALLOWED, ENT_HTML401, ENT_HTML5, ENT_XML1 and ENT_XHTML.

In PHP 5.3, ENT_IGNORE was added.

In PHP 5.2.3, the double_encode parameter was added.

In PHP 4.1, the character-set parameter was added.

More examples

Example 1

Convert some predefined characters to HTML entities:

<?php
$str = "Bill & 'Steve'";
echo htmlspecialchars($str, ENT_COMPAT); // Only convert double quotes
echo "<br>";
echo htmlspecialchars($str, ENT_QUOTES); // Convert double quotes and single quotes
echo "<br>";
echo htmlspecialchars($str, ENT_NOQUOTES); // Do not convert any quotes
?>

The HTML output of the code above will be (view source):

<!DOCTYPE html>
<html>
<body>
Bill &amp; 'Steve'<br>
Bill &amp; &#039;Steve&#039;<br>
Bill &amp; 'Steve'
</body>
</html>

The browser output of the code above will be:

Bill & 'Steve'
Bill & 'Steve'
Bill & 'Steve'


Example 2

Convert double quotes to HTML entities:

<?php
$str = 'I love "PHP".';
echo htmlspecialchars($str, ENT_QUOTES); // Convert double quotes and single quotes
?>

The HTML output of the code above will be (view source):

<!DOCTYPE html>
<html>
<body>
I love &quot;PHP&quot;.
</body>
</html>

The browser output of the code above will be:

I love "PHP".
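
The quote flags, the invalid-encoding flags and the double_encode parameter described on this page, shown side by side in an added example that is not part of the original page. The helper names e() and input_tag() and all sample strings are constructed here for illustration.

```php
<?php
// Added example: e(), input_tag() and every sample value below are constructed.

/** Escape for HTML text or a quoted attribute value, with explicit flags and charset. */
function e(string $value): string
{
    // ENT_QUOTES     encode both ' and ", so either attribute quoting style is covered
    // ENT_SUBSTITUTE replace invalid byte sequences with U+FFFD instead of returning ""
    // ENT_HTML401    the document type this page lists as the default
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
}

/** Render a single-quoted attribute from a value the caller has already escaped. */
function input_tag(string $escaped): string
{
    return "<input value='" . $escaped . "'>";
}

// 1) Quote flags. ENT_COMPAT leaves ' untouched, so inside a single-quoted
//    attribute the value ends at the first ' and the rest is parsed as markup.
$name = "Steve' class='injected";                       // constructed input
$weak = input_tag(htmlspecialchars($name, ENT_COMPAT, 'UTF-8'));
$safe = input_tag(e($name));

// 2) Invalid encoding. The byte "\xFF" never occurs in valid UTF-8. Without
//    ENT_IGNORE or ENT_SUBSTITUTE the whole string comes back empty, dropping
//    the valid part too; with ENT_SUBSTITUTE only the bad byte is replaced.
$bad  = "caf\xFF <b>";                                  // constructed input
$lost = htmlspecialchars($bad, ENT_QUOTES, 'UTF-8');
$kept = e($bad);

// 3) double_encode. FALSE leaves text that already looks like an entity alone;
//    TRUE (the default) encodes its leading & again.
$twice = htmlspecialchars('Tom &amp; Jerry', ENT_QUOTES, 'UTF-8', true);
$once  = htmlspecialchars('Tom &amp; Jerry', ENT_QUOTES, 'UTF-8', false);

// Print each result with its label so the variants can be compared directly.
foreach (compact('weak', 'safe', 'lost', 'kept', 'twice', 'once') as $label => $out) {
    printf("%-5s %s\n", $label, var_export($out, true));
}
```

The helper passes its flags explicitly because the default differs between PHP versions: since PHP 8.1 it is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, while earlier versions default to ENT_COMPAT.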
