htmlentities(PHP 4, PHP 5, PHP 7)

htmlentities — Convert all applicable characters to HTML entities

Html Code
string htmlentities ( string $string [, int $flags = ENT_COMPAT | ENT_HTML401 [, string $encoding = ini_get("default_charset") [, bool $double_encode = true ]]] )
[ad type=”banner”] This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.

If you want to decode instead (the reverse) you can use html_entity_decode()
[ http://us2.php.net/manual/en/function.html-entity-decode.php ].

Example #1

A htmlentities() example :

Php Code
<?php
$str = "A 'quote' is <b>bold</b>";

// Outputs: A 'quote' is <b>bold</b>
echo htmlentities($str);

// Outputs: A 'quote' is <b>bold</b>
echo htmlentities($str, ENT_QUOTES);
?>

Example #2

Usage of ENT_IGNORE :

Php Code
<?php
$str = "\x8F!!!";

// Outputs an empty string
echo htmlentities($str, ENT_QUOTES, "UTF-8");

// Outputs "!!!"
echo htmlentities($str, ENT_QUOTES | ENT_IGNORE, "UTF-8");
?>
[ad type=”banner”]

htmlspecialchars(PHP 4, PHP 5, PHP 7)

htmlspecialchars — Convert special characters to HTML entities

Html Code
string htmlspecialchars ( string $string [, int $flags = ENT_COMPAT | ENT_HTML401 [, string $encoding = ini_get("default_charset") [, bool $double_encode = true ]]] )

Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings.

This function returns a string with these conversions made. If you require all input substrings that have associated named entities to be translated, use htmlentities() instead.

If the input string passed to this function and the final document share the same character set, this function is sufficient to prepare input for inclusion in most contexts of an HTML document.

If, however, the input can represent characters that are not coded in the final document character set and you wish to retain those characters (as numeric or named entities), both this function and htmlentities() (which only encodes substrings that have named entity equivalents) may be insufficient. You may have to use mb_encode_numericentity() instead.

Example #1

htmlspecialchars() example:

Php Code
<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
?>

htmlspecialchars vs htmlentities

When there is no need to encode all characters which have their HTML equivalents.

If you know that the page encoding match the text special symbols, why would you use htmlentities? htmlspecialchars is much straightforward, and produce less code to send to the client.

For example:

Html Code
echo htmlentities('<Il était une fois un être>.');
// Output: <Il était une fois un être>.
// ^^^^^^^^ ^^^^^^^

echo htmlspecialchars('<Il était une fois un être>.');
// Output: <Il était une fois un être>.
//

The second one is shorter, and does not cause any problems if ISO-8859-1 charset is set

When the data will be processed not only through a browser (to avoid decoding HTML entities),

If the output is XML

  • Sometimes you’re writing XML data, and you can’t use HTML entities in a XML file.
  • Because htmlentities substitutes more characters than htmlspecialchars. This is unnecessary, makes the PHP script less efficient and the resulting HTML code less readable.
  • htmlentities is only necessary if your pages use encodings such as ASCII or LATIN-1 instead of UTF-8 and you’re handling data with an encoding different from the page’s.

This is being encoded with htmlentities.

Html Code
implode( array_values( get_html_translation_table( HTML_ENTITIES ) ), "\t" ):
[ad type=”banner”]
Html Code
" & < >¡ ¢ £ ¤ ¥ ¦ § ¨ © ª « ¬ ­ ® ¯ ° ± ² ³ ´ µ ¶ · ¸ ¹ º » ¼ ½ ¾ ¿ À Á Â Ã Ä Å Æ Ç È É Ê Ë Ì Í Î Ï Ð Ñ Ò Ó Ô Õ Ö × Ø Ù Ú Û Ü Ý Þ ß à á â ã ä å æ ç è é ê ë ì í î ï ð ñ ò ó ô õ ö ÷ ø ù ú û ü ý þ ÿ Œ œ Š š Ÿ ƒ ˆ ˜ Α Β Γ Δ Ε Ζ Η Θ Ι Κ Λ Μ Ν Ξ Ο Π Ρ Σ Τ Υ Φ Χ Ψ Ω α β γ δ ε ζ η θ ι κ λ μ ν ξ ο π ρ ς σ τ υ φ χ ψ ω ϑ ϒ ϖ       ‌ ‍ ‎ ‏ – — ‘ ’ ‚ “ ” „ † ‡ • … ‰ ′ ″ ‹ › ‾ ⁄ € ℑ ℘ ℜ ™ ℵ ← ↑ → ↓ ↔ ↵ ⇐ ⇑ ⇒ ⇓ ⇔ ∀ ∂ ∃ ∅ ∇ ∈ ∉ ∋ ∏ ∑ − ∗ √ ∝ ∞ ∠ ∧ ∨ ∩ ∪ ∫ ∴ ∼ ≅ ≈ ≠ ≡ ≤ ≥ ⊂ ⊃ ⊄ ⊆ ⊇ ⊕ ⊗ ⊥ ⋅ ⌈ ⌉ ⌊ ⌋ ⟨ ⟩ ◊ ♠ ♣ ♥ ♦

This is being encoded with htmlspecialchars.

Html Code
implode( array_values( get_html_translation_table( HTML_SPECIALCHARS ) ), "\t" ):
Html Code
" & < >

You should use htmlspecialchars($strText, ENT_QUOTES) when you just want your string to be XML and HTML safe:

For example, encode

  • & to &amp;
  • ” to &quot;
  • < to &lt;
  • > to &gt;
  • ‘ to &#039;

However, if you also have additional characters that are Unicode or uncommon symbols in your text then you should use htmlentities() to ensure they show up properly in your HTML page.

Notes:

  • ‘ will only be encoded by htmlspecialchars() to &#039; if the ENT_QUOTES option is passed in. &#039; is safer to use then &apos; since older versions of Internet Explorer do not support the &apos; entity.
  • Technically, > does not need to be encoded as per the XML specification, but it is usually encoded too for consistency with the requirement of < being encoded.

Categorized in: