htmlspecialcharsConvert special characters to HTML entities
&reftitle.description;
stringhtmlspecialcharsstringstringintflagsENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401stringnullencoding&null;booldouble_encode&true;
Certain characters have special significance in HTML, and should
be represented by HTML entities if they are to preserve their
meanings. This function returns a string with these
conversions made. If you require all input substrings that have associated
named entities to be translated, use htmlentities
instead.
If the input string passed to this function and the final document share the
same character set, this function is sufficient to prepare input for
inclusion in most contexts of an HTML document. If, however, the input can
represent characters that are not coded in the final document character set
and you wish to retain those characters (as numeric or named entities),
both this function and htmlentities (which only encodes
substrings that have named entity equivalents) may be insufficient.
You may have to use mb_encode_numericentity instead.
Performed translationsCharacterReplacement& (ampersand)&" (double quote)", unless ENT_NOQUOTES is set' (single quote)' (for ENT_HTML401) or ' (for
ENT_XML1, ENT_XHTML or
ENT_HTML5), but only when
ENT_QUOTES is set
< (less than)<> (greater than)>
&reftitle.parameters;
string
The string being converted.
flags
A bitmask of one or more of the following flags, which specify how to handle quotes,
invalid code unit sequences and the used document type. The default is
ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.
Available <parameter>flags</parameter> constantsConstant NameDescriptionENT_COMPATWill convert double-quotes and leave single-quotes alone.ENT_QUOTESWill convert both double and single quotes.ENT_NOQUOTESWill leave both double and single quotes unconverted.ENT_IGNORE
Silently discard invalid code unit sequences instead of returning
an empty string. Using this flag is discouraged as it
may have security implications.
ENT_SUBSTITUTE
Replace invalid code unit sequences with a Unicode Replacement Character
U+FFFD (UTF-8) or � (otherwise) instead of returning an empty string.
ENT_DISALLOWED
Replace invalid code points for the given document type with a
Unicode Replacement Character U+FFFD (UTF-8) or �
(otherwise) instead of leaving them as is. This may be useful, for
instance, to ensure the well-formedness of XML documents with
embedded external content.
ENT_HTML401
Handle code as HTML 4.01.
ENT_XML1
Handle code as XML 1.
ENT_XHTML
Handle code as XHTML.
ENT_HTML5
Handle code as HTML 5.
encoding
&strings.parameter.encoding;
For the purposes of this function, the encodings
ISO-8859-1, ISO-8859-15,
UTF-8, cp866,
cp1251, cp1252, and
KOI8-R are effectively equivalent, provided the
string itself is valid for the encoding, as
the characters affected by htmlspecialchars occupy
the same positions in all of these encodings.
&reference.strings.charsets;
double_encode
When double_encode is turned off PHP will not
encode existing html entities, the default is to convert everything.
&reftitle.returnvalues;
The converted string.
If the input string contains an invalid code unit
sequence within the given encoding an empty string
will be returned, unless either the ENT_IGNORE or
ENT_SUBSTITUTE flags are set.
&reftitle.changelog;
&Version;&Description;8.1.0flags changed from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.
&reftitle.examples;
<function>htmlspecialchars</function> example
Test", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
?>
]]>
&reftitle.notes;
Note that this function does not translate anything beyond what
is listed above. For full entity translation, see
htmlentities.
In case of an ambiguous flags value, the following rules apply:
When neither of ENT_COMPAT, ENT_QUOTES,
ENT_NOQUOTES is present, the default is ENT_NOQUOTES.
When more than one of ENT_COMPAT, ENT_QUOTES,
ENT_NOQUOTES is present, ENT_QUOTES takes the
highest precedence, followed by ENT_COMPAT.
When neither of ENT_HTML401, ENT_HTML5,
ENT_XHTML, ENT_XML1 is present, the default is
ENT_HTML401.
When more than one of ENT_HTML401, ENT_HTML5,
ENT_XHTML, ENT_XML1 is present,
ENT_HTML5 takes the highest precedence,
followed by ENT_XHTML, ENT_XML1 and ENT_HTML401.
When more than one of ENT_DISALLOWED, ENT_IGNORE,
ENT_SUBSTITUTE are present, ENT_IGNORE takes the
highest precedence, followed by ENT_SUBSTITUTE.
&reftitle.seealso;
get_html_translation_tablehtmlspecialchars_decodestrip_tagshtmlentitiesnl2br