What is the use of htmlspecialchars in php?
Example
Convert the predefined characters "<" (less than) and ">" (greater than) to HTML entities:
$str = "This is some <b>bold</b> text.";
echo htmlspecialchars($str);
The HTML output of the code above will be (View Source):
This is some &lt;b&gt;bold&lt;/b&gt; text.
The browser output of the code above will be:
This is some <b>bold</b> text.

Definition and Usage
The htmlspecialchars() function converts some predefined characters to HTML entities. The predefined characters are:
Tip: To convert special HTML entities back to characters, use the htmlspecialchars_decode() function.

Syntax
htmlspecialchars(string,flags,character-set,double_encode)

More Examples

Example
Convert some predefined characters to HTML entities:
$str = "Jane & 'Tarzan'";
The HTML output of the code above will be (View Source):
Jane &amp; 'Tarzan'
Jane &amp; 'Tarzan'
Jane &amp; 'Tarzan'
The browser output of the code above will be:
Jane & 'Tarzan'

Example
Convert double quotes to HTML entities:
$str = 'I love "PHP".';
echo htmlspecialchars($str);
The HTML output of the code above will be (View Source):
I love &quot;PHP&quot;.
The browser output of the code above will be:
I love "PHP".

What does htmlspecialchars return?
The htmlspecialchars() function returns the converted string.

What's the difference between htmlentities() and htmlspecialchars()?
The only difference between these functions is that htmlspecialchars() converts the special characters to HTML entities, whereas htmlentities() converts all applicable characters to HTML entities.

Does htmlspecialchars prevent XSS?
Using the htmlspecialchars() function: the htmlspecialchars() function converts special characters to HTML entities. For a majority of web apps we can use this method, and it is one of the most popular methods to prevent XSS. This process is also known as HTML escaping.
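
How much protection HTML escaping gives depends on the flags argument and on where the value is placed in the page. The PHP below is an added example, not code from the original page; the helper names e() and profileLink() and the sample input are constructed for illustration. It renders the same untrusted value into a single-quoted attribute, once with ENT_COMPAT and once with ENT_QUOTES.

```php
<?php
declare(strict_types=1);

/**
 * Escape untrusted text for an HTML text node or a quoted attribute value.
 * e() is a hypothetical helper name, not part of PHP.
 */
function e(string $value): string
{
    // ENT_QUOTES escapes both " and ', so the value cannot close either kind
    // of attribute quote. ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render a link; only the quote flag differs between the two modes. */
function profileLink(string $name, bool $escapeSingleQuotes): string
{
    $flags = ($escapeSingleQuotes ? ENT_QUOTES : ENT_COMPAT) | ENT_SUBSTITUTE;
    $safe  = htmlspecialchars($name, $flags, 'UTF-8');
    // The template uses a single-quoted attribute, so ' must be escaped too.
    return "<a title='" . $safe . "'>" . $safe . "</a>";
}

// Constructed untrusted input: a display name carrying a single quote
// followed by an event-handler attribute.
$name = "Jane' onmouseover='alert(1)";

// Weak setting: ENT_COMPAT leaves ' intact, so the value ends the title
// attribute and the rest is parsed as a new attribute.
echo profileLink($name, false), PHP_EOL;

// Corrected setting: ENT_QUOTES encodes ', so the whole value stays inside
// the title attribute and is displayed as text.
echo profileLink($name, true), PHP_EOL;

// Text-node context: markup in the input is shown literally, not interpreted.
echo e("<b>Jane & 'Tarzan'</b>"), PHP_EOL;
```

htmlspecialchars() covers HTML text and quoted attribute values only; values placed inside script blocks, unquoted attributes or URL attributes such as href need encoding or validation specific to that context.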

What is the use of htmlentities in PHP?
Definition and Usage
The htmlentities() function converts characters to HTML entities.
Tip: To convert HTML entities back to characters, use the html_entity_decode() function.
Tip: Use the get_html_translation_table() function to return the translation table used by htmlentities().