PHP function htmlspecialchars - escaping characters

26. 11. 2019

Obsah článku

Available in `PHP 4, 5, 7`.

Converts special characters that have meaning in HTML to HTML entities that can be rendered in the normal way.

Parameters

Parameter	Data type	Default value	Note
`$string`	`string`	not	String to be converted.
`$flags`	`int`	`ENT_COMPAT`	A bitmask of one or more of the following flags, which specify how to handle quotes, invalid code unit sequences and the used document type. The default is `ENT_COMPAT
`$encoding`	`string`	`'UTF-8'`	Defines the encoding used in conversion. If omitted, the default value for this argument is `ISO-8859-1` in versions of PHP prior to `5.4.0`, and UTF-8 from `PHP 5.4.0` onwards.
`$double_encode`	`bool`	`true`	When `double_encode` is turned off PHP will not encode existing html entities, the default is to convert everything.

Return values

string Modified string.

Other switches

Constant	Description
`ENT_SUBSTITUTE`	Replace invalid code unit sequences with a Unicode Replacement Character `U+FFFD (UTF-8)` or `&#FFFD;` (otherwise) instead of returning an empty string.
`ENT_DISALLOWED`	Replace invalid code points for the given document type with a Unicode Replacement Character `U+FFFD (UTF-8)` or `&#FFFD`; (otherwise) instead of leaving them as is. This may be useful, for instance, to ensure the well-formedness of XML documents with embedded external content.
`ENT_HTML401`	Handle code as HTML 4.01.
`ENT_XML1`	Handle code as XML 1.
	`ENT_XHTML`
	`ENT_HTML5`

Other resources

[Official htmlspecialchars documentation](- Official php.net documentation)

Jan Barášek Více o autorovi

Autor článku pracuje jako seniorní vývojář a software architekt v Praze. Navrhuje a spravuje velké webové aplikace, které znáte a používáte. Od roku 2009 nabral bohaté zkušenosti, které tímto webem předává dál.