PHP String htmlspecialchars() Function

The htmlspecialchars() function is a built-in PHP function that converts the predefined special characters into HTML entities. The predefined characters are:

  • & (ampersand) converted as &amp;
  • " (double quote) converted as &quot;
  • ' (single quote) converted as &#039;
  • < (less than) converted as &lt;
  • > (greater than) converted as &gt;

The string function htmlspecialchars_decode() is the reverse of htmlspecialchars(): its main purpose is to convert special HTML entities back to characters. The syntax of the htmlspecialchars() function is given below:

Syntax:

Parameters

$string: This parameter contains the input string.

$flags: This parameter holds one or more of the following flags, which specify how to handle invalid code unit sequences, quotes, and the document type used. The default is ENT_COMPAT | ENT_HTML401. The available flag constants are listed in the table below:

Available flag constants

| Constant Name | Description |
|---|---|
| ENT_IGNORE | Discards invalid code unit sequences instead of returning an empty string. |
| ENT_QUOTES | Converts both single and double quotes. |
| ENT_NOQUOTES | Leaves both single and double quotes unconverted. |
| ENT_SUBSTITUTE | Replaces invalid code unit sequences with the Unicode replacement character U+FFFD (UTF-8) or &#xFFFD; instead of returning an empty string. |
| ENT_DISALLOWED | Replaces code points that are invalid for the given document type with the Unicode replacement character instead of leaving them as they are. |
| ENT_HTML401 | Handles code as HTML 4.01. |
| ENT_XML1 | Handles code as XML 1. |
| ENT_XHTML | Handles code as XHTML. |
| ENT_HTML5 | Handles code as HTML5. |

$encoding: An optional parameter that defines the encoding used when characters are converted. The default value depends on the PHP version.

In PHP 5.6 and above, the default_charset configuration option is used as the default value, whereas PHP 5.4 and 5.5 use UTF-8.

$double_encode: When double_encode is turned off, PHP does not encode existing HTML entities. The default is to convert everything.

Description

Some characters have special significance in HTML and must be represented by HTML entities if they are to preserve their meanings. The htmlspecialchars() function returns a string with these conversions made. If all input substrings that have associated named entities need to be translated, use the htmlentities() function instead of htmlspecialchars().

Value returned by htmlspecialchars()

It returns the converted string. If the input string is invalid or contains an invalid code unit sequence, it returns an empty string, unless the ENT_IGNORE or ENT_SUBSTITUTE flag is set.
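The following added example (not code from the original page) shows how the flags, the double_encode parameter and the empty-string return value behave. The helper name e() and all sample strings are constructed for illustration; flags and encoding are passed explicitly in every call so the result does not depend on a PHP version's defaults.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original page): encode a value for HTML
// element content or a quoted attribute value with explicit flags and encoding.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample input containing all five predefined characters.
$input = "Tom & \"Jerry\" <b>it's</b>";

// ENT_COMPAT leaves the single quote alone; ENT_QUOTES converts it as well.
$compat = htmlspecialchars($input, ENT_COMPAT | ENT_HTML401, 'UTF-8');
$quotes = htmlspecialchars($input, ENT_QUOTES | ENT_HTML401, 'UTF-8');

// double_encode = false keeps an existing entity from being encoded a second time.
$once  = htmlspecialchars('A &amp; B < C', ENT_QUOTES, 'UTF-8', false);
$twice = htmlspecialchars('A &amp; B < C', ENT_QUOTES, 'UTF-8', true);

// Invalid UTF-8 (a lone 0xC3 byte, constructed): without ENT_SUBSTITUTE or
// ENT_IGNORE the whole result is an empty string; with ENT_SUBSTITUTE only the
// bad byte is replaced by U+FFFD and the rest is still encoded.
$bad         = "caf\xC3 <i>";
$empty       = htmlspecialchars($bad, ENT_QUOTES, 'UTF-8');
$substituted = htmlspecialchars($bad, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// htmlspecialchars_decode() reverses the conversion when given the same flags.
$roundTrip = htmlspecialchars_decode($quotes, ENT_QUOTES | ENT_HTML401) === $input;

// A single-quoted attribute value stays intact only if ' is encoded too.
$attribute = "<input name='author' value='" . e("O'Brien <editor>") . "'>";

$results = compact('compat', 'quotes', 'once', 'twice', 'empty', 'substituted', 'roundTrip', 'attribute');
foreach ($results as $name => $value) {
    printf("%-12s %s\n", $name, var_export($value, true));
}
```

An empty result from non-empty input is the sign of an invalid byte sequence for the chosen encoding, so check for it rather than printing the empty string silently.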

Examples of htmlspecialchars()

Some examples of the htmlspecialchars() function are given below.

Example 1

Browser Output

The output which is given below is the browser output of the code.

HTML Output

The HTML output for the above program looks like this:

The HTML output can be seen in the browser's view source file. Open the Browser -> More tools -> Developer tools -> source, and press Ctrl+P to open the view source file.

Example 2

Browser Output

The output which is given below is the browser output of the code.

HTML Output

We can see the HTML output of the above program from view source in the browser, i.e., Browser -> More tools -> Developer tools -> source, and press Ctrl+P to open the view source file.

Example 3

Browser Output

The browser output for the above program is given below:

HTML Output

The HTML output for the program is shown in the screenshot below.

The above example would look like this in the HTML file:

Difference between htmlspecialchars() and htmlentities() function

The only difference between the htmlspecialchars() and htmlentities() functions is that htmlspecialchars() converts only the special characters to HTML entities, whereas htmlentities() converts all applicable characters to HTML entities.





