htmlspecialchars
(PHP 4, PHP 5)
htmlspecialchars — Convert special characters to HTML entities
说明
string htmlspecialchars ( string $string [, int $flags = ENT_COMPAT | ENT_HTML401 [, string $charset [, bool $double_encode = true ]]] )Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings. This function returns a string with some of these conversions made; the translations made are those most useful for everyday web programming. If you require all HTML character entities to be translated, use htmlentities() instead.
This function is useful in preventing user-supplied text from containing HTML markup, such as in a message board or guest book application.
The translations performed are:
- '&' (ampersand) becomes '&'
- '"' (double quote) becomes '"' when ENT_NOQUOTES is not set.
- "'" (single quote) becomes ''' only when ENT_QUOTES is set.
- '<' (less than) becomes '<'
- '>' (greater than) becomes '>'
参数
- string
-
The string being converted.
- flags
-
A bitmask of one or more of the following flags, which specify how to handle quotes, invalid code unit sequences and the used document type. The default is ENT_COMPAT | ENT_HTML401.
Available flags constants Constant Name Description ENT_COMPAT Will convert double-quotes and leave single-quotes alone. ENT_QUOTES Will convert both double and single quotes. ENT_NOQUOTES Will leave both double and single quotes unconverted. ENT_IGNORE Silently discard invalid code unit sequences instead of returning an empty string. This is provided for backwards compatibility; avoid using it as it may have security implications. ENT_SUBSTITUTE Replace invalid code unit sequences with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD; (otherwise) instead of returning an empty string. ENT_DISALLOWED Replace code unit sequences, which are invalid in the specified document type, with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD; (otherwise). ENT_HTML401 Handle code as HTML 4.01. ENT_XML1 Handle code as XML 1. ENT_XHTML Handle code as XHTML. ENT_HTML5 Handle code as HTML 5. - charset
-
Defines character set used in conversion. The default character set is ISO-8859-1.
For the purposes of this function, the charsets ISO-8859-1, ISO-8859-15, UTF-8, cp866, cp1251, cp1252, and KOI8-R are effectively equivalent, provided the string itself is valid for the character set, as the characters affected by htmlspecialchars() occupy the same positions in all of these charsets.
以下字符集设置从 PHP 4.3.0 版本开始被支持。
支持的字符集列表 字符集 别名 描述 ISO-8859-1 ISO8859-1 西欧,Latin-1 ISO-8859-15 ISO8859-15 西欧,Latin-9。增加欧元符号,法语和芬兰语字母在 Latin-1(ISO-8859-1) 中缺失。 UTF-8 ASCII 兼容的多字节 8 位 Unicode。 cp866 ibm866, 866 DOS 特有的西里尔编码。本字符集在 4.3.2 版本中得到支持。 cp1251 Windows-1251, win-1251, 1251 Windows 特有的西里尔编码。本字符集在 4.3.2 版本中得到支持。 cp1252 Windows-1252, 1252 Windows 特有的西欧编码。 KOI8-R koi8-ru, koi8r 俄语。本字符集在 4.3.2 版本中得到支持。 BIG5 950 繁体中文,主要用于中国台湾省。 GB2312 936 简体中文,中国国家标准字符集。 BIG5-HKSCS 繁体中文,附带香港扩展的 Big5 字符集。 Shift_JIS SJIS, 932 日语 EUC-JP EUCJP 日语 Note: 其他字符集没有认可。可以使用 ISO-8859-1 来替代。
- double_encode
-
When double_encode is turned off PHP will not encode existing html entities, the default is to convert everything.
返回值
The converted string.
If the input string contains an invalid code unit sequence within the given charset and the ENT_IGNORE flag is not set, then htmlspecialchars() will return an empty string.
更新日志
版本 | 说明 |
---|---|
5.4.0 | The constants ENT_SUBSTITUTE, ENT_DISALLOWED, ENT_HTML401, ENT_XML1, ENT_XHTML and ENT_HTML5 were added. |
5.3.0 | The constant ENT_IGNORE was added. |
5.2.3 | The double_encode parameter was added. |
4.1.0 | The charset parameter was added. |
范例
Example #1 htmlspecialchars() example
<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
?>
注释
Note:
Note that this function does not translate anything beyond what is listed above. For full entity translation, see htmlentities().
参见
- get_html_translation_table() - 返回使用 htmlspecialchars 和 htmlentities 后的转换表
- htmlspecialchars_decode() - Convert special HTML entities back to characters
- strip_tags() - 从字符串中去除 HTML 和 PHP 标记
- htmlentities() - Convert all applicable characters to HTML entities
- nl2br() - 在字符串所有新行之前插入 HTML 换行标记