PHP htmlspecialchars() Function
Description
The htmlspecialchars() function converts characters that have special meaning in the context of HTML to their equivalent HTML entities. The following characters are considered special:
& (ampersand) is converted to &amp;
" (double quote) is converted to &quot;, unless ENT_NOQUOTES is set.
' (single quote) is converted to &#039; (for ENT_HTML401, this is the default) or &apos; (for ENT_XML1, ENT_XHTML or ENT_HTML5), but only when ENT_QUOTES is set.
< (less than) is converted to &lt;
> (greater than) is converted to &gt;
This function typically reverses the effect of the htmlspecialchars_decode() function.
The following table summarizes the technical details of this function.
Return Value: | Returns the converted string. If the input string contains an invalid code sequence within the given charset it will return an empty string, unless either the ENT_IGNORE or ENT_SUBSTITUTE flags are set. |
---|---|
Version: | PHP 4+ |
Syntax
The basic syntax of the htmlspecialchars() function is given with:
The following example shows the htmlspecialchars() function in action.
Example
<?php
// Sample string
$str = "It's an <b>amazing</b> story.";
// Converting the string
echo htmlspecialchars($str);
?>
The output of the above example will be (view source to get an idea):
However, in the browser you will see something like this:
Note: The htmlspecialchars() function is identical to htmlentities() in all ways, except that htmlspecialchars() only replaces &, <, and >, with an option for single and double quotes, whereas htmlentities() replaces all characters that can be represented by an HTML character entity.
Tip: You can use the get_html_translation_table() function to return the translation table that is used internally for the htmlspecialchars() and htmlentities() functions.
Parameters
The htmlspecialchars() function accepts the following parameters.
Parameter | Description |
---|---|
string | Required. Specifies the string to convert. |
flags |
Optional. Specifies how to handle quotes, invalid code sequences and which document type to use. You can specify one or more of the following flags. The available flags constants for handling quotes are:
The available flags constants for handling invalid code sequences are:
The available flags constants for specifying the document types are:
The default value for this parameter is |
charset |
Optional. Specifies which character set to use. Supported charsets are:
If this parameter is omitted, it defaults to the value of the |
double_encode | Optional. A Boolean value which specifies whether to encode existing HTML entities or not. Possible values are true and false. The default value is true, which converts everything. |
More Examples
Here are some more examples showing how the htmlspecialchars() function actually works:
The following example demonstrates the handling of single-quotes using this function.
Example
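<?php
// Sample string
$str = "Let's <b>pack</b> \"bag & baggage\".";
// Convert only <, >, & and double quotes
// (ENT_COMPAT was the default before PHP 8.1; since 8.1 the default is
// ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, so it is passed explicitly here)
$a = htmlspecialchars($str, ENT_COMPAT);
echo $a; // Let's &lt;b&gt;pack&lt;/b&gt; &quot;bag &amp; baggage&quot;.
// Convert all special characters
$b = htmlspecialchars($str, ENT_QUOTES);
echo $b; // Let&#039;s &lt;b&gt;pack&lt;/b&gt; &quot;bag &amp; baggage&quot;.
// Convert single quotes to named entity
$c = htmlspecialchars($str, ENT_QUOTES | ENT_HTML5);
echo $c; // Let&apos;s &lt;b&gt;pack&lt;/b&gt; &quot;bag &amp; baggage&quot;.
?>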
However, in the browser you will always see the string Let's <b>pack</b> "bag & baggage".
View source (right-click and select View Page Source) of the example output to see the converted string.
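The following is an added example, not part of the original page. It shows three behaviours described above that matter when the function is used as an output-escaping control: quote handling inside a single-quoted attribute, the empty return value on an invalid code sequence, and double_encode. The helper name e() and all sample strings are constructed for illustration.

```php
<?php
// Added example; e() is a hypothetical helper name, all inputs are constructed.
// Explicit flags and charset keep the result independent of the PHP version
// and of the default_charset ini setting.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// 1. Quote handling in a single-quoted attribute.
$value = "x' data-injected='1";
// ENT_COMPAT leaves ' untouched, so the value ends the attribute early and
// the rest of the string is parsed as an extra attribute.
$weak = "<input value='" . htmlspecialchars($value, ENT_COMPAT, 'UTF-8') . "'>";
// ENT_QUOTES encodes ' as well, so the whole value stays inside the attribute.
$safe = "<input value='" . e($value) . "'>";

// 2. Invalid code sequence: "\xC3\x28" is not valid UTF-8.
$bad = "caf\xC3\x28 <b>";
// Without ENT_SUBSTITUTE or ENT_IGNORE the whole result is an empty string,
// which can silently blank a field instead of escaping it.
$strict = htmlspecialchars($bad, ENT_QUOTES, 'UTF-8');
// ENT_SUBSTITUTE replaces the invalid bytes with U+FFFD and escapes the rest.
$lenient = e($bad);

// 3. double_encode: text that already contains an entity.
$stored = "Tom &amp; Jerry <3";
// true (default): the & of the existing &amp; is encoded a second time.
$twice = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', true);
// false: the existing entity is left as it is; < is still converted.
$once = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', false);

// Print each result in brackets so the empty string is visible.
foreach (compact('weak', 'safe', 'strict', 'lenient', 'twice', 'once') as $label => $out) {
    printf("%-8s [%s]\n", $label . ':', $out);
}
```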