htmlspecialchars
Convert special characters to HTML entities
&reftitle.description;
stringhtmlspecialchars
stringstring
intflagsENT_COMPAT | ENT_HTML401
stringcharset
booldouble_encodetrue
Certain characters have special significance in HTML, and should
be represented by HTML entities if they are to preserve their
meanings. This function returns a string with some of these
conversions made; the translations made are those most
useful for everyday web programming. If you require all HTML
character entities to be translated, use
htmlentities instead.
This function is useful in preventing user-supplied text from
containing HTML markup, such as in a message board or guest book
application.
The translations performed are:
'&' (ampersand) becomes '&'
'"' (double quote) becomes '"' when ENT_NOQUOTES
is not set.
"'" (single quote) becomes ''' only when
ENT_QUOTES is set.
'<' (less than) becomes '<'
'>' (greater than) becomes '>'
&reftitle.parameters;
string
The string being converted.
flags
A bitmask of one or more of the following flags, which specify how to handle quotes,
invalid code unit sequences and the used document type. The default is
ENT_COMPAT | ENT_HTML401.
Available <parameter>flags</parameter> constants
Constant Name
Description
ENT_COMPAT
Will convert double-quotes and leave single-quotes alone.
ENT_QUOTES
Will convert both double and single quotes.
ENT_NOQUOTES
Will leave both double and single quotes unconverted.
ENT_IGNORE
Silently discard invalid code unit sequences instead of returning
an empty string. This is provided for backwards compatibility;
avoid using it as it may have security implications.
ENT_SUBSTITUTE
Replace invalid code unit sequences with a Unicode Replacement Character
U+FFFD (UTF-8) or &#FFFD; (otherwise) instead of returning an empty string.
ENT_DISALLOWED
Replace code unit sequences, which are invalid in the specified document type,
with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD; (otherwise).
ENT_HTML401
Handle code as HTML 4.01.
ENT_XML1
Handle code as XML 1.
ENT_XHTML
Handle code as XHTML.
ENT_HTML5
Handle code as HTML 5.
charset
Defines character set used in conversion.
The default character set is ISO-8859-1.
For the purposes of this function, the charsets
ISO-8859-1, ISO-8859-15,
UTF-8, cp866,
cp1251, cp1252, and
KOI8-R are effectively equivalent, provided the
string itself is valid for the character set, as
the characters affected by htmlspecialchars occupy
the same positions in all of these charsets.
&reference.strings.charsets;
double_encode
When double_encode is turned off PHP will not
encode existing html entities, the default is to convert everything.
&reftitle.returnvalues;
The converted string.
If the input string contains an invalid code unit
sequence within the given charset and the
ENT_IGNORE flag is not set, then
htmlspecialchars will return an empty string.
&reftitle.changelog;
&Version;
&Description;
5.4.0
The constants ENT_SUBSTITUTE, ENT_DISALLOWED,
ENT_HTML401, ENT_XML1,
ENT_XHTML and ENT_HTML5 were added.
5.3.0
The constant ENT_IGNORE was added.
5.2.3
The double_encode parameter was added.
4.1.0
The charset parameter was added.
&reftitle.examples;
<function>htmlspecialchars</function> example
Test", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
?>
]]>
&reftitle.notes;
Note that this function does not translate anything beyond what
is listed above. For full entity translation, see
htmlentities.
&reftitle.seealso;
get_html_translation_table
htmlspecialchars_decode
strip_tags
htmlentities
nl2br