(PHP 4, PHP 5)
htmlspecialchars — Convert special characters to HTML entities
Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings. This function returns a string with some of these conversions made; the translations made are those most useful for everyday web programming. If you require all HTML character entities to be translated, use htmlentities() instead.
This function is useful in preventing user-supplied text from containing HTML markup, such as in a message board or guest book application.
The translations performed are:
The string being converted.
A bitmask of one or more of the following flags, which specify how to handle quotes, invalid code unit sequences and the used document type. The default is ENT_COMPAT | ENT_HTML401.
| Constant Name | Description |
|---|---|
| ENT_COMPAT | Will convert double-quotes and leave single-quotes alone. |
| ENT_QUOTES | Will convert both double and single quotes. |
| ENT_NOQUOTES | Will leave both double and single quotes unconverted. |
| ENT_IGNORE | Silently discard invalid code unit sequences instead of returning an empty string. This is provided for backwards compatibility; avoid using it as it may have security implications. |
| ENT_SUBSTITUTE | Replace invalid code unit sequences with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD; (otherwise) instead of returning an empty string. |
| ENT_DISALLOWED | Replace code unit sequences, which are invalid in the specified document type, with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD; (otherwise). |
| ENT_HTML401 | Handle code as HTML 4.01. |
| ENT_XML1 | Handle code as XML 1. |
| ENT_XHTML | Handle code as XHTML. |
| ENT_HTML5 | Handle code as HTML 5. |
Defines character set used in conversion. The default character set is ISO-8859-1.
For the purposes of this function, the charsets ISO-8859-1, ISO-8859-15, UTF-8, cp866, cp1251, cp1252, and KOI8-R are effectively equivalent, provided the string itself is valid for the character set, as the characters affected by htmlspecialchars() occupy the same positions in all of these charsets.
以下字符集设置从 PHP 4.3.0 版本开始被支持。
| 字符集 | 别名 | 描述 |
|---|---|---|
| ISO-8859-1 | ISO8859-1 | 西欧,Latin-1 |
| ISO-8859-15 | ISO8859-15 | 西欧,Latin-9。增加欧元符号,法语和芬兰语字母在 Latin-1(ISO-8859-1) 中缺失。 |
| UTF-8 | ASCII 兼容的多字节 8 位 Unicode。 | |
| cp866 | ibm866, 866 | DOS 特有的西里尔编码。本字符集在 4.3.2 版本中得到支持。 |
| cp1251 | Windows-1251, win-1251, 1251 | Windows 特有的西里尔编码。本字符集在 4.3.2 版本中得到支持。 |
| cp1252 | Windows-1252, 1252 | Windows 特有的西欧编码。 |
| KOI8-R | koi8-ru, koi8r | 俄语。本字符集在 4.3.2 版本中得到支持。 |
| BIG5 | 950 | 繁体中文,主要用于中国台湾省。 |
| GB2312 | 936 | 简体中文,中国国家标准字符集。 |
| BIG5-HKSCS | 繁体中文,附带香港扩展的 Big5 字符集。 | |
| Shift_JIS | SJIS, 932 | 日语 |
| EUC-JP | EUCJP | 日语 |
Note: 其他字符集没有认可。可以使用 ISO-8859-1 来替代。
When double_encode is turned off PHP will not encode existing html entities, the default is to convert everything.
The converted string.
If the input string contains an invalid code unit sequence within the given charset and the ENT_IGNORE flag is not set, then htmlspecialchars() will return an empty string.
| 版本 | 说明 |
|---|---|
| 5.4.0 | The constants ENT_SUBSTITUTE, ENT_DISALLOWED, ENT_HTML401, ENT_XML1, ENT_XHTML and ENT_HTML5 were added. |
| 5.3.0 | The constant ENT_IGNORE was added. |
| 5.2.3 | The double_encode parameter was added. |
| 4.1.0 | The charset parameter was added. |
Example #1 htmlspecialchars() example
<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
?>
Note:
Note that this function does not translate anything beyond what is listed above. For full entity translation, see htmlentities().