htmlspecialchars Convert special characters to HTML entities &reftitle.description; stringhtmlspecialchars stringstring intflagsENT_COMPAT | ENT_HTML401 stringencoding'UTF-8' booldouble_encodetrue Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings. This function returns a string with these conversions made. If you require all input substrings that have associated named entities to be translated, use htmlentities instead. If the input string passed to this function and the final document share the same character set, this function is sufficient to prepare input for inclusion in most contexts of an HTML document. If, however, the input can represent characters that are not coded in the final document character set and you wish to retain those characters (as numeric or named entities), both this function and htmlentities (which only encodes substrings that have named entity equivalents) may be insufficient. You may have to use mb_encode_numericentity instead. The translations performed are: '&' (ampersand) becomes '&amp;' '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set. "'" (single quote) becomes '&#039;' (or &apos;) only when ENT_QUOTES is set. '<' (less than) becomes '&lt;' '>' (greater than) becomes '&gt;' &reftitle.parameters; string The string being converted. flags A bitmask of one or more of the following flags, which specify how to handle quotes, invalid code unit sequences and the used document type. The default is ENT_COMPAT | ENT_HTML401. Constant Name Description ENT_COMPAT Will convert double-quotes and leave single-quotes alone. ENT_QUOTES Will convert both double and single quotes. ENT_NOQUOTES Will leave both double and single quotes unconverted. ENT_IGNORE Silently discard invalid code unit sequences instead of returning an empty string. Using this flag is discouraged as it may have security implications. ENT_SUBSTITUTE Replace invalid code unit sequences with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD; (otherwise) instead of returning an empty string. ENT_DISALLOWED Replace invalid code points for the given document type with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD; (otherwise) instead of leaving them as is. This may be useful, for instance, to ensure the well-formedness of XML documents with embedded external content. ENT_HTML401 Handle code as HTML 4.01. ENT_XML1 Handle code as XML 1. ENT_XHTML Handle code as XHTML. ENT_HTML5 Handle code as HTML 5. encoding Defines encoding used in conversion. If omitted, the default value for this argument is ISO-8859-1 in versions of PHP prior to 5.4.0, and UTF-8 from PHP 5.4.0 onwards. For the purposes of this function, the encodings ISO-8859-1, ISO-8859-15, UTF-8, cp866, cp1251, cp1252, and KOI8-R are effectively equivalent, provided the string itself is valid for the encoding, as the characters affected by htmlspecialchars occupy the same positions in all of these encodings. &reference.strings.charsets; double_encode When double_encode is turned off PHP will not encode existing html entities, the default is to convert everything. &reftitle.returnvalues; The converted string. If the input string contains an invalid code unit sequence within the given encoding an empty string will be returned, unless either the ENT_IGNORE or ENT_SUBSTITUTE flags are set. &reftitle.changelog; &Version; &Description; 5.4.0 The default value for the encoding parameter was changed to UTF-8. 5.4.0 The constants ENT_SUBSTITUTE, ENT_DISALLOWED, ENT_HTML401, ENT_XML1, ENT_XHTML and ENT_HTML5 were added. 5.3.0 The constant ENT_IGNORE was added. 5.2.3 The double_encode parameter was added. 4.1.0 The encoding parameter was added. &reftitle.examples; Test", ENT_QUOTES); echo $new; // <a href='test'>Test</a> ?> ]]> &reftitle.notes; Note that this function does not translate anything beyond what is listed above. For full entity translation, see htmlentities. &reftitle.seealso; get_html_translation_table htmlspecialchars_decode strip_tags htmlentities nl2br