
PHP String htmlspecialchars() Function
The PHP String htmlspecialchars() function converts special characters to HTML entities. The predefined characters it converts are −
& (ampersand) converted as &amp;
" (double quote) converted as &quot;
' (single quote) converted as &#039;
< (less than) converted as &lt;
> (greater than) converted as &gt;
The string function htmlspecialchars_decode() reverses htmlspecialchars(): it converts the special HTML entities back to characters. The two functions are inverses of each other.
Syntax
Below is the syntax of the PHP String htmlspecialchars() function −
string htmlspecialchars ( string $string [, int $flags [, string $encoding [, bool $double_encode ]]] )
Parameters
Here are the parameters of the htmlspecialchars() function −
$string − The input string to be converted.
$flags − An optional bitmask of flags (for example ENT_QUOTES, ENT_IGNORE or ENT_SUBSTITUTE) that controls how the conversion is performed.
$encoding − It is an optional argument defining the encoding used when converting characters.
$double_encode − When double_encode is disabled, PHP does not encode existing HTML entities; the default is to convert everything.
Return Value
The htmlspecialchars() function returns the converted string. If the input string contains an invalid code unit sequence within the specified encoding, an empty string will be returned, unless the ENT_IGNORE or ENT_SUBSTITUTE flags are set.
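The return-value and $double_encode behaviour described above, as an added example that is not part of the original page: one string containing an invalid UTF-8 byte is run through three flag combinations, then a string that already holds an entity is converted with $double_encode on and off. The sample strings and variable names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: "caf" followed by a lone 0xE9 byte (Latin-1 "é"),
// which is not a valid UTF-8 sequence, then some markup.
$invalid = "caf\xE9 <b>bold</b>";

// Flags are passed explicitly: the default value of $flags changed in
// PHP 8.1 (to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401), so relying on
// the default gives different results on older versions.
$flagSets = [
    'ENT_QUOTES only'             => ENT_QUOTES,
    // ENT_IGNORE silently drops the invalid bytes; the PHP manual
    // discourages it because of possible security implications.
    'ENT_QUOTES | ENT_IGNORE'     => ENT_QUOTES | ENT_IGNORE,
    // ENT_SUBSTITUTE replaces each invalid sequence with U+FFFD.
    'ENT_QUOTES | ENT_SUBSTITUTE' => ENT_QUOTES | ENT_SUBSTITUTE,
];

foreach ($flagSets as $label => $flags) {
    // Name the encoding instead of relying on the default_charset setting.
    $out = htmlspecialchars($invalid, $flags, 'UTF-8');

    // An empty result for non-empty input means the input was rejected as
    // invalid for the encoding. No warning or exception is raised, so a
    // template would simply render nothing for this value.
    $status = ($out === '' && $invalid !== '') ? 'rejected (empty string)' : 'converted';
    printf("%-28s %-24s %s\n", $label, $status, $out);
}

// Constructed sample: text that already contains one entity.
$stored = 'Tom &amp; Jerry <3';

foreach ([true, false] as $doubleEncode) {
    // With $double_encode = false the existing "&amp;" is left alone;
    // with true (the default) its "&" is converted again.
    $out = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
    printf("double_encode=%-5s %s\n", var_export($doubleEncode, true), $out);
}
```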
PHP Version
First introduced in core PHP 4, the htmlspecialchars() function remains available in PHP 5, PHP 7, and PHP 8.
Example 1
First, here is a basic example of the PHP String htmlspecialchars() function converting special characters to HTML entities.
<?php
   // Use htmlspecialchars function here
   $new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);

   // Print the result here
   echo $new;
?>
Output
Here is the outcome of the above code −
&lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;
Example 2
In the PHP code below, we use the htmlspecialchars() function to convert the special characters in a string into HTML entities.
<?php
   // ENT_QUOTES converts both double and single quotes
   $input = htmlspecialchars("<a href='tutorialspoint'>Tutorialspoint</a>", ENT_QUOTES);
   echo $input;
?>
Output
This will generate the below output −
&lt;a href=&#039;tutorialspoint&#039;&gt;Tutorialspoint&lt;/a&gt;
Example 3
Now in the below code, the <script> tags are transformed to plain text, so the browser does not execute the script.
<?php
   $userInput = "<script>alert('Hacked!');</script>";
   $safeInput = htmlspecialchars($userInput, ENT_QUOTES);
   echo "User input: " . $safeInput;
?>
Output
This will create the below output −
User input: &lt;script&gt;alert(&#039;Hacked!&#039;);&lt;/script&gt;
Note: Please keep in mind that this function performs only the translations listed above. The htmlentities() function provides comprehensive entity translation.
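Why the examples above pass ENT_QUOTES, as an added example that is not part of the original page: the same value is placed into a single-quoted attribute under three quote flags, and the HTML parser then reports which attributes it sees on the element. The helper names render() and attribute_names() and the sample value are constructed for illustration, and the code assumes the DOM extension is enabled.

```php
<?php
declare(strict_types=1);

// Constructed input: a single quote followed by attribute-like text.
// No script is involved; the point is what happens to the quote.
$value = "x' data-injected='1";

// Build <input value='...'> with a single-quoted attribute value.
function render(string $value, int $flags): string
{
    $escaped = htmlspecialchars($value, $flags | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='text' value='" . $escaped . "'>";
}

// Parse the markup and list the attribute names found on <input>.
function attribute_names(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);

    $names = [];
    foreach ($input->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

$quoteFlags = [
    'ENT_NOQUOTES' => ENT_NOQUOTES, // converts neither quote style
    'ENT_COMPAT'   => ENT_COMPAT,   // converts double quotes only
    'ENT_QUOTES'   => ENT_QUOTES,   // converts double and single quotes
];

foreach ($quoteFlags as $name => $flags) {
    $html = render($value, $flags);
    // If the single quote is not converted, the value ends early and the
    // rest of the input is parsed as a separate attribute on the element.
    printf("%-12s %s\n", $name, $html);
    printf("%-12s attributes: %s\n", '', implode(', ', attribute_names($html)));
}
```

Only the ENT_QUOTES row keeps the whole input inside the value attribute; quoting every attribute value and passing ENT_QUOTES together is what makes htmlspecialchars() sufficient in attribute context.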