Home >>PHP String Functions >PHP htmlspecialchars() Function

PHP htmlspecialchars() Function

PHP htmlspecialchars() Function

PHP htmlspecialchars() function is used to convert all the available pre-defined characters into HTML entities. htmlspecialchars() function is an in-built function of PHP. The pre-defined characters which get converted into HTML entities are:-

  • & (ampersand) get converted into &
  • " (double quote) get converted into "
  • ' (single quote) get converted into '
  • < (less than) get converted into &lt;
  • > (greater than) get converted into &gt;

PHP htmlspecialchars_decode() function is the opposite of PHP htmlspecialchars() function. htmlspecialchars_decode() function is used to convert all the special HTML entities back to the pre-defined characters.

Syntax:-

 String htmlspecialchars ( $string, $flags, $encoding, $double_encode );  

Parameter Values

Parameter Description
string This is a required parameter. This parameter is used to hold the given input string.
flags This is an optional parameter. This parameter is used to hold the flags value. This parameter defines how to handle quotes, invalid encoding and the used document type.
charset This is an optional parameter. This parameter holds a string that defines which character-set to use in the function.
double_encode This is an optional parameter.This parameter holds a boolean value that defines whether to encode existing html entities or not.

Here is an example of htmlspecialchars() function in PHP:

<html>
<body>

<?php
$str = "ME & YOU.";
echo htmlspecialchars($str);
?>

</body>
</html>
Output:
Me &amp; YOU.

Here is an another example of htmlspecialchars() function in PHP:

<html>
<body>

<?php
$str = '"PHP" is best.';
echo htmlspecialchars($str, ENT_QUOTES);
?>

</body>
</html>
Output:
&quot;PHP&quot; is best.

Here is an another example of htmlspecialchars() function in PHP using the $flags parameter:

<html>
<body>

<?php
$str = "Me & 'You'";
echo htmlspecialchars($str, ENT_COMPAT); //Converts double quotes only
echo "<br>";
echo htmlspecialchars($str, ENT_QUOTES); // Converts double and single quotes both
echo "<br>";
echo htmlspecialchars($str, ENT_NOQUOTES); // Does not convert any quotes
?>

</body>
</html>
Output:
Me &amp; 'You'
Me &amp; &#039;You&#039;
Me &amp; 'You'

PHP String Functions PHP addcslashes() Function PHP addslashes() Function PHP bin2hex() Function PHP chop() Function PHP chr() Function PHP chunk_split() Function PHP convert_cyr_string() Function PHP convert_uudecode() Function PHP convert_uuencode() Function PHP count_chars() Function PHP crc32() Function PHP crypt() Function PHP echo() Function PHP empty() function PHP explode() Function PHP strcmp() Function PHP fprintf() Function PHP strcoll() Function PHP get_html_translation_table() Function PHP strcspn() Function PHP hebrev() Function PHP strip_tags() Function PHP hebrevc() Function PHP hex2bin() Function PHP html_entity_decode() Function PHP htmlentities() Function PHP htmlspecialchars() Function PHP htmlspecialchars_decode() Function PHP implode() Function PHP join() Function PHP lcfirst() Function PHP levenshtein() Function PHP localeconv() Function PHP ltrim() Function PHP md5() Function PHP md5_file() Function PHP metaphone() Function PHP money_format() Function PHP nl_langinfo() Function PHP nl2br() Function PHP number_format() Function PHP ord() Function PHP parse_str() Function PHP print() Function PHP printf() Function PHP quoted_printable_decode() Function PHP quoted_printable_encode() Function PHP quotemeta() Function PHP rtrim() Function PHP setlocale() Function PHP sha1() Function PHP sha1_file() Function PHP similar_text() Function PHP soundex() Function PHP sprintf() Function PHP sscanf() Function PHP str_getcsv() Function PHP str_ireplace() Function PHP str_pad() Function PHP str_repeat() Function PHP str_replace() Function PHP str_rot13() Function PHP str_shuffle() Function PHP str_split() Function PHP str_word_count() Function PHP strcasecmp() Function PHP strchr() Function