Sunny Books
What we have

HTML special characters

Sometimes we need to convert some special characters to HTML and vice versa, PHP provides us some built-in functions that we can use.

htmlspecialchars()

The htmlspecialchars() function converts some predefined characters to HTML entities.

The translations performed are:

  • & (ampersand) becomes &
  • " (double quote) becomes "
  • ' (single quote) becomes '
  • < (less than) becomes &lt;
  • > (greater than) becomes &gt;

Syntax

htmlspecialchars(string,quotestyle,character-set)

The available quote styles are:

  • ENT_COMPAT - Default. Encodes only double quotes
  • ENT_QUOTES - Encodes double and single quotes
  • ENT_NOQUOTES - Does not encode any quotes

Example:

$test1 = htmlspecialchars("<a href='google.com'>Search</a>", ENT_QUOTES);
echo $test1;
// &lt;a href=&#039;google.com&#039;&gt;Search&lt;/a&gt;
    
$test2 = htmlspecialchars("<a href='google.com'>Search</a>", ENT_COMPAT);
echo $test2;
// &lt;a href='google.com'&gt;Search&lt;/a&gt;
    
$test3 = htmlspecialchars("<a href='google.com'>Search</a>", ENT_NOQUOTES);
echo $test3;
// &lt;a href='google.com'&gt;Search&lt;/a&gt;


htmlspecialchars_decode()

The htmlspecialchars_decode() function converts some predefined HTML entities to characters. It is the opposite of htmlspecialchars().

Syntax

htmlspecialchars_decode(string,quotestyle)

The available quote styles are as same as those of htmlspecialchars.

Example:

$test = htmlspecialchars_decode("&lt;a href=&#039;google.com&#039;&gt;Search&lt;/a&gt;");
echo $test;
// lt;a href='google.com'>Search</a>


strip_tags()

The strip_tags() function strips a string from HTML, XML, and PHP tags.

Syntax

strip_tags(string,allow)

the second optional parameter "allow" is used to specify tags which should not be stripped.

Example

$test = '<p>Test paragraph.</p><!-- Comment --> <a href="#other">Other text</a>';
echo strip_tags($test);
// Test paragraph. Other text
echo strip_tags($test, '<p><a>'); 
// <p>Test paragraph.</p><a href="#other">Other text</a>

Note: HTML comments are always stripped. This cannot be changed with the allow parameter.



htmlentities()

This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.



html_entity_decode()

Convert all HTML entities to their applicable characters

Syntax

html_entity_decode(string,quotestyle,character-set)

Example

$orig = "I'll \"walk\" the <b>dog</b> now";
$a = htmlentities($orig);
$b = html_entity_decode($a);
echo $a; // I'll &quot;walk&quot; the &lt;b&gt;dog&lt;/b&gt; now
echo $b; // I'll "walk" the <b>dog</b> now

htmlspecialchars only takes care of <, >, single quote, double quote and ampersand whereas htmlentities translates all occurrences of character sequences that have some other meaning in HTML.

You should use htmlspecialchars($strText, ENT_QUOTES) when you just want your string to be XML and HTML safe: However, if you also have additional characters that are unicode or uncommon symbols in your text then you should use htmlentities() to ensure they show up properly in your HTML page.

SUNWEB EXPERT