In HTML, certain characters have a special significance. They should be represented as HTML entities so as to preserve their meaning. PHP htmlspecialchars is an inbuilt function in PHP that converts certain special characters to HTML entities. In this article, we will discuss the PHP htmlspecialchars function. Also, we will discuss a few examples of using it.
Note: This function only converts special characters to HTML entities. However, it does not convert all applicable characters. To convert all applicable characters to HTML entities, use PHP htmlentities Function. Also, you can convert the encoded string back to plain text using htmlspecialchars_decode function.
string htmlspecialchars( $string, $flags, $encoding, $double_encode )
The PHP htmlspecialchars function expects four parameters in the input. However, only one parameter is mandatory and the other three are optional. The description of the parameters is as follows:
- $string: The input string to process in the function. Also, it is a mandatory parameter.
- $flags: The second parameter is a combination of two flags and it specifies the behavior with handling quotes. The default is ENT_COMPAT | ENT_HTML401.
- $encoding: The third parameter specifies the encoding while converting characters. By default, the function uses the default PHP encoding. Also, it is an optional parameter.
- $double_encode: If double encoding is turned off then the function does not convert existing HTML entities. However, the default behavior is to convert everything.
Also, you can view the list of supported flags and encoding value on the Official PHP Documentation.
The PHP htmlspecialchars Function returns the string after converting all special characters to HTML entities. It makes the following translations:
- & (ampersand) becomes &amp;
- " (double quote) becomes &quot;
- ' (single quote) becomes &#039;
- < (less than) becomes &lt;
- > (greater than) becomes &gt;
Let’s discuss a few examples of using PHP htmlspecialchars.
Example 1: Converting Ampersand (&)
For instance, consider a simple string conversion to HTML entities.
<?php
$string = "Concatly & 'Knowledge'";
echo htmlspecialchars($string);
?>
In the above example, the function will convert & (ampersand).
OUTPUT (In Browser View Source): Concatly &amp; 'Knowledge'
Example 2: Converting Quotes
Consider a few examples with passing different flags in the parameter of the function.
<?php
$string = "Concatly & 'Knowledge'";
echo htmlspecialchars($string, ENT_COMPAT); // Convert only double quotes
echo '<br/>';
echo htmlspecialchars($string, ENT_QUOTES); // Convert both double and single quotes
echo '<br/>';
echo htmlspecialchars($string, ENT_NOQUOTES); // Don't convert any quotes
?>
OUTPUT:
Concatly &amp; 'Knowledge'
Concatly &amp; &#039;Knowledge&#039;
Concatly &amp; 'Knowledge'
Example 3: Converting Double Quotes
Similarly, we can also convert double quotes using the PHP htmlspecialchars function.
<?php
$string = 'Concatly & "Knowledge"';
echo htmlspecialchars($string, ENT_QUOTES); // Convert both double and single quotes
?>
OUTPUT: Concatly &amp; &quot;Knowledge&quot;
Example 4: Converting Greater Than and Less Than
Similarly, the PHP htmlspecialchars function also converts Greater Than (>) and Less Than (<) characters.
<?php
$string = '10 > 5 but 10 < 20';
echo htmlspecialchars($string); // Convert the greater-than and less-than signs
?>
OUTPUT: 10 &gt; 5 but 10 &lt; 20
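The following is an added example, not part of the original article. It compares the three quote flags on one constructed input, shows why a value placed in a single-quoted attribute needs ENT_QUOTES, and shows the effect of $double_encode. The helper name escape_html and the sample strings are assumptions. The flags are passed explicitly because the default flags changed in PHP 8.1.

```php
<?php
// Added example (not from the original article). Flags and encoding are
// passed explicitly so the result does not depend on the PHP version's defaults.

// Hypothetical helper: escape a value for HTML text or a quoted attribute.
function escape_html(string $value, bool $doubleEncode = true): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
}

// Constructed sample input containing both quote styles.
$name = 'Pat "PJ" O\'Neil';

// 1. Quote flags: report which flag leaves a raw quote character in the output.
$byFlag = [
    'ENT_NOQUOTES' => htmlspecialchars($name, ENT_NOQUOTES, 'UTF-8'),
    'ENT_COMPAT'   => htmlspecialchars($name, ENT_COMPAT, 'UTF-8'),
    'ENT_QUOTES'   => htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
];
foreach ($byFlag as $flag => $escaped) {
    printf(
        "%-12s %-36s raw \": %-3s raw ': %s\n",
        $flag,
        $escaped,
        strpos($escaped, '"') !== false ? 'yes' : 'no',
        strpos($escaped, "'") !== false ? 'yes' : 'no'
    );
}

// 2. A single-quoted attribute stays intact only when ' is converted too.
//    With ENT_COMPAT the raw ' in the name closes the attribute early.
echo "<input value='" . htmlspecialchars($name, ENT_COMPAT, 'UTF-8') . "'>\n";
echo "<input value='" . escape_html($name) . "'>\n";

// 3. $double_encode: constructed text that already contains an entity.
$stored = 'Fish &amp; Chips < $5';
echo escape_html($stored), "\n";        // existing &amp; is encoded a second time
echo escape_html($stored, false), "\n"; // existing &amp; is left as it is

// 4. Round trip: decoding with the same quote flag restores the original string.
var_dump(htmlspecialchars_decode(escape_html($name), ENT_QUOTES) === $name);
```

Run it from the command line (php file.php) to see the entities directly, since a browser would render them back as characters.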
Vishesh is currently working as an Intermediate Software Engineer with Orion Health, New Zealand. He graduated with a Masters in Information Technology from the University of Auckland in 2021. With more than 4 years of work experience, his expertise includes Java, Python, Machine Learning, PHP, Databases, Design and Architecture.