Search w3schools.com:

SHARE THIS PAGE

PHP htmlspecialchars() Function

PHP String Reference Complete PHP String Reference

Example

Convert the predefined characters "<" (less than) and ">" (greater than) to HTML entities:

<?php
$str = "This is some <b>bold</b> text.";
echo htmlspecialchars($str);
?>

The HTML output of the code above will be (View Source):

<!DOCTYPE html>
<html>
<body>
This is some &lt;b&gt;bold&lt;/b&gt; text.
</body>
</html>

The browser output of the code above will be:

This is some <b>bold</b> text.

Run example »

Definition and Usage

The htmlspecialchars() function converts some predefined characters to HTML entities.

The predefined characters are:

  • & (ampersand) becomes &amp;
  • " (double quote) becomes &quot;
  • ' (single quote) becomes &#039;
  • < (less than) becomes &lt;
  • > (greater than) becomes &gt;

Tip: To convert special HTML entities back to characters, use the htmlspecialchars_decode() function.

Syntax

htmlspecialchars(string,flags,character-set,double_encode)

Parameter Description
string Required. Specifies the string to convert
flags Optional. Specifies how to handle quotes, invalid encoding and the used document type.

The available quote styles are:

  • ENT_COMPAT - Default. Encodes only double quotes
  • ENT_QUOTES - Encodes double and single quotes
  • ENT_NOQUOTES - Does not encode any quotes

Invalid encoding:

  • ENT_IGNORE - Ignores invalid encoding instead of having the function return an empty string. Should be avoided, as it may have security implications.
  • ENT_SUBSTITUTE - Replaces invalid encoding for a specified character set with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD; instead of returning an empty string.
  • ENT_DISALLOWED - Replaces code points that are invalid in the specified doctype with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD;

Additional flags for specifying the used doctype:

  • ENT_HTML401 - Default. Handle code as HTML 4.01
  • ENT_HTML5 - Handle code as HTML 5
  • ENT_XML1 - Handle code as XML 1
  • ENT_XHTML - Handle code as XHTML
character-set Optional. A string that specifies which character-set to use.

Allowed values are:

  • UTF-8 - Default. ASCII compatible multi-byte 8-bit Unicode
  • ISO-8859-1 - Western European
  • ISO-8859-15 - Western European (adds the Euro sign + French and Finnish letters missing in ISO-8859-1)
  • cp866 - DOS-specific Cyrillic charset
  • cp1251 - Windows-specific Cyrillic charset
  • cp1252 - Windows specific charset for Western European
  • KOI8-R - Russian
  • BIG5 - Traditional Chinese, mainly used in Taiwan
  • GB2312 - Simplified Chinese, national standard character set
  • BIG5-HKSCS - Big5 with Hong Kong extensions
  • Shift_JIS - Japanese
  • EUC-JP - Japanese
  • MacRoman - Character-set that was used by Mac OS

Note: Unrecognized character-sets will be ignored and replaced by ISO-8859-1 in versions prior to PHP 5.4. As of PHP 5.4, it will be ignored an replaced by UTF-8.

double_encode Optional. A boolean value that specifies whether to encode existing html entities or not.
  • TRUE - Will not encode existing html entities
  • FALSE - Default. Will convert everything

Technical Details

Return Value: Returns the converted string

If the string contains invalid encoding, it will return an empty string, unless either the ENT_IGNORE or ENT_SUBSTITUTE flags are set
PHP Version: 4+
Changelog: The default value for the character-set parameter was changed to UTF-8 in PHP 5

ENT_SUBSTITUTE, ENT_DISALLOWED, ENT_HTML401, ENT_HTML5, ENT_XML1 and ENT_XHTML were added in PHP 5.4

ENT_IGNORE was added in PHP 5.3

The double_encode parameter was added in PHP 5.2.3

The character-set parameter was added in PHP 4.1

More Examples

Example 1

Convert some predefined characters to HTML entities:

<?php
$str = "Jane & 'Tarzan'";
echo htmlspecialchars($str, ENT_COMPAT); // Will only convert double quotes
echo "<br>";
echo htmlspecialchars($str, ENT_QUOTES); // Converts double and single quotes
echo "<br>";
echo htmlspecialchars($str, ENT_NOQUOTES); // Does not convert any quotes
?>

The HTML output of the code above will be (View Source):

<!DOCTYPE html>
<html>
<body>
Jane &amp; 'Tarzan'<br>
Jane &amp; &#039;Tarzan&#039;<br>
Jane &amp; 'Tarzan'
</body>
</html>

The browser output of the code above will be:

Jane & 'Tarzan'
Jane & 'Tarzan'
Jane & 'Tarzan'

Run example »

Example 2

Convert double quotes to HTML entities:

<?php
$str = 'I love "PHP".';
echo htmlspecialchars($str, ENT_QUOTES); // Converts double and single quotes
?>

The HTML output of the code above will be (View Source):

<!DOCTYPE html>
<html>
<body>
I love &quot;PHP&quot;.
</body>
</html>

The browser output of the code above will be:

I love "PHP".

Run example »

PHP String Reference Complete PHP String Reference
W3Schools Certification

W3Schools' Online Certification

The perfect solution for professionals who need to balance work, family, and career building.

More than 10 000 certificates already issued!

Get Your Certificate »

The HTML Certificate documents your knowledge of HTML.

The HTML5 Certificate documents your knowledge of advanced HTML5.

The CSS Certificate documents your knowledge of advanced CSS.

The JavaScript Certificate documents your knowledge of JavaScript and HTML DOM.

The jQuery Certificate documents your knowledge of jQuery.

The XML Certificate documents your knowledge of XML, XML DOM and XSLT.

The ASP Certificate documents your knowledge of ASP, SQL, and ADO.

The PHP Certificate documents your knowledge of PHP and SQL (MySQL).

Your suggestion:

Close [X]

Thank You For Helping Us!

Your message has been sent to W3Schools.

Close [X]