Htmlspecialchars() is a function to convert special characters to HTML entities.
$variable = htmlspecialchars($text);
Some special characters have special meaning for browsers, so they should be converted to entities. This keeps the script's output safe and prevents the page from being rendered incorrectly.
It is most commonly used to protect forms and any other place where a user enters text and could insert HTML tags.
Character | Note | Changes to |
---|---|---|
& | ampersand | `&amp;` |
" | double quote (changes when ENT_NOQUOTES is not set) | `&quot;` |
' | apostrophe (changes when ENT_QUOTES is set) | `&#039;` |
< | less than, HTML bracket | `&lt;` |
> | greater than, HTML bracket | `&gt;` |
String to convert
flags Different behavior settings
charset Specifies the character set (encoding). The default character set is ISO-8859-1. You can use ISO-8859-1, ISO-8859-15, UTF-8, cp866, CP1251, CP1252, and KOI8-R.
Note: Supported only in PHP 4.3.0 and later. Any other character sets are not recognized or supported.
double_encode When double_encode is disabled, PHP will not encode existing HTML entities; the default is to convert everything.
The converted string.
If the string contains an invalid code unit sequence within the given charset and ENT_IGNORE is not set, an empty string is returned.
Version | Note |
---|---|
5.4.0 | Adding constants ENT_SUBSTITUTE, ENT_DISALLOWED, ENT_HTML401, ENT_XML1, ENT_XHTML and ENT_HTML5. |
5.3.0 | Adding the ENT_IGNORE constant. |
5.2.3 | Adding the double_encode parameter. |
4.1.0 | Adding the charset parameter. |
$new = htmlspecialchars('<a href="test">Test<a>', ENT_QUOTES);
echo $new; // &lt;a href=&quot;test&quot;&gt;Test&lt;a&gt;
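The flags, double_encode and invalid-input behaviour described above, shown side by side in an added example that is not from the original page. The helper `escape_html()` is a hypothetical name, and all sample strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of PHP or the original page): escape for HTML
// text and for quoted attribute values, with flags and charset given explicitly.
function escape_html(string $text, bool $doubleEncode = true): string
{
    // ENT_QUOTES converts both " and '; ENT_SUBSTITUTE replaces invalid byte
    // sequences with U+FFFD instead of making the whole result an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
}

// Constructed sample input: both quote styles, a tag, and an existing entity.
$input = "Tom's \"notes\" <draft> &amp; more";

// The three quote-handling flags from the table, side by side.
$flagSets = [
    'ENT_NOQUOTES' => ENT_NOQUOTES, // leaves " and ' unchanged
    'ENT_COMPAT'   => ENT_COMPAT,   // converts " only
    'ENT_QUOTES'   => ENT_QUOTES,   // converts " and '
];
foreach ($flagSets as $name => $flags) {
    printf("%-13s %s\n", $name, htmlspecialchars($input, $flags, 'UTF-8'));
}

// double_encode: true re-encodes the & of the existing &amp;, false leaves it.
printf("%-13s %s\n", 'double=true', escape_html($input, true));
printf("%-13s %s\n", 'double=false', escape_html($input, false));

// Attribute written with single quotes: with ENT_COMPAT the apostrophe in the
// value survives and closes the attribute early; ENT_QUOTES keeps it inside.
$weak = htmlspecialchars($input, ENT_COMPAT, 'UTF-8');
echo "<input value='{$weak}'>\n";
echo "<input value='" . escape_html($input) . "'>\n";

// Constructed invalid input: \xE9 is ISO-8859-1 "é", not a valid UTF-8 sequence.
$invalid = "caf\xE9 <b>";
// Without ENT_IGNORE or ENT_SUBSTITUTE the whole string is rejected.
var_dump(htmlspecialchars($invalid, ENT_QUOTES, 'UTF-8'));
// With ENT_SUBSTITUTE the valid part is kept and still escaped.
var_dump(escape_html($invalid));
```

Passing the flags and charset explicitly keeps the result independent of the defaults of the PHP version in use.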
Jan Barášek