PHP htmlspecialchars() Function Usage and Example

    The htmlspecialchars() function is used to convert special characters to HTML entities.

Syntax

string htmlspecialchars(string $string[, int $flags = ENT_COMPAT | ENT_HTML401[, string $encoding = ini_get("default_charset")[, bool $double_encode = true]]])

Definition and usage

Converts the predefined special characters to HTML entities.

Return value

Returns the converted string.
If the input string contains a code unit sequence that is invalid in the given encoding, and neither the ENT_IGNORE nor the ENT_SUBSTITUTE flag is set, an empty string is returned.

The predefined characters are:

  • & (ampersand) becomes &amp;

  • " (double quote) becomes &quot; (unless ENT_NOQUOTES is set)

  • ' (single quote) becomes &#039; (only when ENT_QUOTES is set)

  • < (less than) becomes &lt;

  • > (greater than) becomes &gt;

Note: To convert special HTML entities back to characters, use the htmlspecialchars_decode() function.

Parameter

1. string

Required. The input string to convert.

2. flags

Optional. Specifies how to handle quotes and invalid encodings, and which document type to use.

Available quote types:

  • ENT_COMPAT - Default. Only encode double quotes.

  • ENT_QUOTES - Encode double quotes and single quotes.

  • ENT_NOQUOTES - Do not encode any quotes.

Invalid encoding:

  • ENT_IGNORE - Silently discard invalid code unit sequences instead of returning an empty string. Avoid this flag, as it may have security implications.

  • ENT_SUBSTITUTE - Replace invalid code unit sequences with the Unicode replacement character U+FFFD (UTF-8) or &#xFFFD; (other encodings) instead of returning an empty string.

  • ENT_DISALLOWED - Replace code points that are invalid for the specified document type with the Unicode replacement character U+FFFD (UTF-8) or &#xFFFD; (other encodings).

Additional flags that specify the document type:

  • ENT_HTML401 - Default. Handle code as HTML 4.01.

  • ENT_HTML5 - Handle code as HTML 5.

  • ENT_XML1 - Handle code as XML 1.

  • ENT_XHTML - Handle code as XHTML.

3. encoding

Optional. Defines the character encoding used when converting characters.

Allowed values:

  • UTF-8 - Default. ASCII-compatible multibyte 8-bit Unicode

  • ISO-8859-1 - Western European

  • ISO-8859-15 - Western European (adds the Euro sign and the French and Finnish letters missing from ISO-8859-1)

  • cp866 - DOS-specific Cyrillic character set

  • cp1251 - Windows-specific Cyrillic character set

  • cp1252 - Windows-specific Western European character set

  • KOI8-R - Russian

  • BIG5 - Traditional Chinese, mainly used in Taiwan

  • GB2312 - Simplified Chinese, National Character Set

  • BIG5-HKSCS - Big5 with Hong Kong extensions

  • Shift_JIS - Japanese

  • EUC-JP - Japanese

  • MacRoman - Character set used by the Mac operating system

Note: In versions earlier than PHP 5.4, unrecognized character sets are ignored and replaced by ISO-8859-1. Starting with PHP 5.4, they are ignored and replaced by UTF-8.

4. double_encode

A boolean value that specifies whether existing HTML entities should be encoded.

  • TRUE - Default. Encode everything, including existing HTML entities.

  • FALSE - Do not encode existing HTML entities.

Online Example

Try the following example, converting predefined characters to HTML entities:

<?php
   // Convert predefined characters to HTML entities, encoding double quotes and single quotes
   $input = htmlspecialchars("<a href='https://www.oldtoolbag.com'>w3codebox</a>", ENT_QUOTES);
   echo $input;
?>

Output result (HTML source; a browser displays it as the original text):

&lt;a href=&#039;https://www.oldtoolbag.com&#039;&gt;w3codebox&lt;/a&gt;
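
The quote flags, the invalid-encoding flags and double_encode from the parameter list, side by side in an added example that is not part of the original page. The helper name e() is hypothetical, every sample string is constructed, and flags and encoding are passed explicitly so the results do not depend on the defaults of the PHP version in use.

```php
<?php
// Added example, not from the original page. e() is a hypothetical helper
// name and every sample string below is constructed.

// Encode for HTML output with explicit flags and encoding, so the result
// does not depend on the PHP version's default flags or on default_charset.
function e(string $value, bool $doubleEncode = true): string
{
    return htmlspecialchars(
        $value,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8',
        $doubleEncode
    );
}

// 1. Quote flags: ENT_COMPAT leaves the single quote as it is, so the value
//    would end a single-quoted attribute early; ENT_QUOTES encodes it.
$name   = "Tom's \"big\" <deal> & more";
$compat = htmlspecialchars($name, ENT_COMPAT | ENT_HTML401, 'UTF-8');
$quotes = htmlspecialchars($name, ENT_QUOTES | ENT_HTML401, 'UTF-8');
printf("ENT_COMPAT: %s\nENT_QUOTES: %s\n", $compat, $quotes);
printf("<input value='%s'>\n", e($name));

// 2. Invalid input: byte 0xE9 is "é" in ISO-8859-1 but is not valid UTF-8
//    here. Without ENT_SUBSTITUTE the whole result is an empty string, so
//    valid text around the bad byte is lost as well.
$bad   = "caf\xE9 <b>";
$empty = htmlspecialchars($bad, ENT_QUOTES | ENT_HTML401, 'UTF-8');
printf("without ENT_SUBSTITUTE: %s\n", var_export($empty, true));
printf("with ENT_SUBSTITUTE:    %s\n", e($bad));

// 3. double_encode: text that already contains an entity.
$stored = "Fish &amp; chips <hot>";
printf("double_encode=true:  %s\n", e($stored));        // &amp; is encoded again
printf("double_encode=false: %s\n", e($stored, false)); // existing &amp; is kept
```

With ENT_HTML5 the single quote is written as &apos; instead of &#039;.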
