Definition
The htmlspecialchars() function converts some predefined characters to HTML entities.
Predefined characters:
- & (ampersand) becomes &amp;amp;
- " (double quote) becomes &amp;quot;
- ' (single quote) becomes &amp;#039;
- < (less than) becomes &amp;lt;
- > (greater than) becomes &amp;gt;
Syntax
htmlspecialchars(string, flags, character-set, double_encode)
Parameters
Parameter | Description |
---|---|
string | Required. Specifies the string to convert. |
flags | Optional. Specifies how to handle quotes, invalid encoding and the used document type. The available quote styles are: ENT_COMPAT - Default. Encodes only double quotes; ENT_QUOTES - Encodes double and single quotes; ENT_NOQUOTES - Does not encode any quotes. Invalid encoding: ENT_IGNORE - Ignores invalid encoding instead of having the function return an empty string. Should be avoided, as it may have security implications; ENT_SUBSTITUTE - Replaces invalid encoding for a specified character set with a Unicode Replacement Character U+FFFD (UTF-8) or &amp;#xFFFD; instead of returning an empty string; ENT_DISALLOWED - Replaces code points that are invalid in the specified doctype with a Unicode Replacement Character U+FFFD (UTF-8) or &amp;#xFFFD;. Additional flags for specifying the used doctype: ENT_HTML401 - Default. Handle code as HTML 4.01; ENT_HTML5 - Handle code as HTML 5; ENT_XML1 - Handle code as XML 1; ENT_XHTML - Handle code as XHTML |
character-set | Optional. A string that specifies which character-set to use. Allowed values: UTF-8 - Default. ASCII compatible multi-byte 8-bit Unicode; ISO-8859-1 - Western European; ISO-8859-15 - Western European (adds the Euro sign + French and Finnish letters missing in ISO-8859-1); cp866 - DOS-specific Cyrillic charset; cp1251 - Windows-specific Cyrillic charset; cp1252 - Windows-specific charset for Western European; KOI8-R - Russian; BIG5 - Traditional Chinese, mainly used in Taiwan; GB2312 - Simplified Chinese, national standard character set; BIG5-HKSCS - Big5 with Hong Kong extensions; Shift_JIS - Japanese; EUC-JP - Japanese; MacRoman - Character-set that was used by Mac OS |
double_encode | Optional. A boolean value that specifies whether to encode existing HTML entities or not. true - Default. Will convert everything; false - Will not encode existing HTML entities |
Example
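<?php
// Sample string containing HTML markup
$str = "This text is <b>bold</b>.";
// Unescaped: the browser interprets <b> as markup
echo $str . "<br>";
// Escaped: < and > become entities, so the tags are displayed as text
echo htmlspecialchars($str) . "<br>";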
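
The effect of the flags and double_encode parameters from the table above, shown side by side as an added example that is not part of the original page. The helper name esc() and the sample strings are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example. esc() is a hypothetical helper name, not a PHP built-in.
// Flags are passed explicitly so the result does not depend on the defaults.
function esc(string $value): string
{
    // ENT_QUOTES: encode both " and ', so the value is safe in either quote style
    // ENT_SUBSTITUTE: invalid byte sequences become U+FFFD instead of an empty string
    // ENT_HTML5: handle the output as HTML 5
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs.
$name    = "Tom's \"pick\" <b>R&D</b>"; // all five predefined characters
$latin1  = "caf\xE9";                    // 0xE9 alone is not a valid UTF-8 sequence
$encoded = "R&amp;D";                    // already contains an entity

$cases = [
    // Quote styles: only ENT_QUOTES encodes the single quote.
    'ENT_NOQUOTES'        => htmlspecialchars($name, ENT_NOQUOTES, 'UTF-8'),
    'ENT_COMPAT'          => htmlspecialchars($name, ENT_COMPAT, 'UTF-8'),
    'ENT_QUOTES'          => htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
    // Invalid encoding: without ENT_SUBSTITUTE the whole string is dropped.
    'invalid, no flag'    => htmlspecialchars($latin1, ENT_QUOTES, 'UTF-8'),
    'invalid, SUBSTITUTE' => htmlspecialchars($latin1, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    // double_encode: false leaves the existing &amp; untouched.
    'double_encode=true'  => htmlspecialchars($encoded, ENT_QUOTES, 'UTF-8', true),
    'double_encode=false' => htmlspecialchars($encoded, ENT_QUOTES, 'UTF-8', false),
    'esc() helper'        => esc($name),
];

foreach ($cases as $label => $result) {
    // var_export makes an empty-string result visible as ''.
    printf("%-20s %s\n", $label, var_export($result, true));
}

// Typical use: escape at the point of output, in a quoted attribute and in text.
printf("<input type='text' value='%s'>\n<p>Hello, %s</p>\n", esc($name), esc($name));
```

Passing the flags explicitly matters because the defaults differ between PHP versions: since PHP 8.1 the default is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.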