PHP htmlspecialchars Function |
The htmlspecialchars function in PHP is used to convert 5 characters into corresponding HTML entities where applicable. It is used to encode user input on a website so that users cannot insert harmful HTML codes into a site.
The syntax of the htmlspecialchars function is:
explode ('string', [quote_style], [character_set], [double_encode])
[quote_style] is used to determine whether to convert double quotes and single quotes. Possible values include:
| Value | Convert Single Quotes | Convert Double Quotes |
| ENT_COMPAT | No | Yes |
| ENT_QUOTES | Yes | Yes |
| ENT_NOQUOTES | No | No |
ENT_COMPAT is the default if quote_style is not specified.
[character_set] is optional and specifies the character set to use. [double_encode] is optional and indicates whether to encode the character for the second time if the character is already encoded. The default is to double encode.
The 5 characters are:
| Character | HTML Entity | Notes |
| & | & | |
| " | " | Depending on how [quote_style] is set |
| ' | ' | Depending on how [quote_style] is set |
| > | > | |
| < | < |
Let's take a look at the examples below:
Example 1
print htmlspecialchars('<br>An example');
Result:
<br>An example
Example 2
print htmlspecialchars('Is "this" true? 3 > 2', ENT_NOQUOTES);
Result:
Is "this" true? 3 > 2
The double quote (") character is preserved because the ENT_NOQUOTES value is set.