Computer >> Computer tutorials >  >> Programming >> PHP

htmlspecialchars() function in PHP

The htmlspecialchars() function is used to convert special characters to HTML entities.

The predefined characters are −

  • & (ampersand) becomes & amp;
  • " (double quote) becomes & quot;
  • ' (single quote) becomes & #039;
  • < (less than) becomes & lt;
  • > (greater than) becomes & gt;

Syntax

htmlspecialchars(str,flags,character-set,double_encode)

Parameters

  • str  − The string to convert.

  • flags  −How to handle quotes, invalid encoding and the used document type.

  • The following are the available quote styles −

    • ENT_COMPAT  − Default. Encodes only double quotes

    • ENT_QUOTES  − Encodes double and single quotes

    • ENT_NOQUOTES  − Does not encode any quotes

  • Invalid encoding −

    • ENT_IGNORE  − Ignores invalid encoding instead of having the function return an empty string. Should be avoided, as it may have security implications.

    • ENT_SUBSTITUTE  − Replaces invalid encoding for a specified character set with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD; instead of returning an empty string.

    • ENT_DISALLOWED  − Replaces code points that are invalid in the specified doctype with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD;

  • The following are the additional flags for specifying the used doctype −

    • ENT_HTML401  − Default. Handle code as HTML 4.01

    • ENT_HTML5  − Handle code as HTML 5

    • ENT_XML1  − Handle code as XML 1

    • ENT_XHTML  − Handle code as XHTML

  • character-set − The character-set to use

  • The following are the allowed values are −

    • UTF-8  − Default. ASCII compatible multi-byte 8-bit Unicode

    • ISO-8859-1  − Western European

    • ISO-8859-15  − Western European (adds the Euro sign + French and Finnish letters missing in ISO-8859-1)

    • cp866  − DOS-specific Cyrillic charset

    • cp1251  − Windows-specific Cyrillic charset

    • cp1252  − Windows specific charset for Western European

    • KOI8-R  − Russian

    • BIG5  − Traditional Chinese, mainly used in Taiwan

    • GB2312  − Simplified Chinese, national standard character set

    • BIG5-HKSCS  − Big5 with Hong Kong extensions

    • Shift_JIS  − Japanese

    • EUC-JP  − Japanese

    • MacRoman  − Character-set that was used by Mac OS

  • double_encode − A boolean value that specifies whether to encode existing html entities or not.

    • TRUE  − Default. Will convert everything

    • FALSE  − Will not encode existing html entities

Return

The htmlspecialchars() function returns the converted string.

Example

The following is an example −

<?php
$res = htmlspecialchars("<a href='mylink' rel=”nofollow”><strong>Demo</strong></a>", ENT_QUOTES);
echo $res //
?>

Output

& lt;a href=& #039;mylink& #039; rel=”nofollow”& gt;& lt;strong& gt;Demo& lt;/strong& gt;& lt;/a >