(PHP 4, PHP 5)
htmlspecialchars — Convert special characters to HTML entities
Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings. This function returns a string with some of these conversions made; the translations made are those most useful for everyday web programming. If you require all HTML character entities to be translated, use htmlentities() instead.
This function is useful in preventing user-supplied text from containing HTML markup, such as in a message board or guest book application.
The translations performed are:
The string being converted.
The optional second argument, flags, tells the function what to do with single and double quote characters and with invalid multi-byte sequences. The default mode, ENT_COMPAT, is the backwards compatible mode which only translates the double-quote character and leaves the single-quote untranslated. If ENT_QUOTES is set, both single and double quotes are translated and if ENT_NOQUOTES is set neither single nor double quotes are translated. In addition, since 5.3.0, these constants can be combined with ENT_IGNORE. In that case, strings that contain invalid code unit sequences have those invalid sequences discarded instead of having the function return an empty string. Avoid using it, as it may have introduce vulnerabilities.
Defines character set used in conversion. The default character set is ISO-8859-1.
For the purposes of this function, the charsets ISO-8859-1, ISO-8859-15, UTF-8, cp866, cp1251, cp1252, and KOI8-R are effectively equivalent, as the characters affected by htmlspecialchars() occupy the same positions in all of these charsets.
Los siguientes juegos de caracteres son soportados en PHP 4.3.0 y versiones posteriores.
Juego de caracteres | Alias | Descripción |
---|---|---|
ISO-8859-1 | ISO8859-1 | Europeo Occidental, Latin-1 |
ISO-8859-15 | ISO8859-15 | Europeo Occidental, Latin-9. Añade el signo de Euro, y letras del Francés y Finlandés que hacián falta en Latin-1(ISO-8859-1). |
UTF-8 | Multi-byte Unicode de 8-bits compatible con ASCII. | |
cp866 | ibm866, 866 | Juego de caracteres Cirílico específico de DOS. Este juego de caracteres está soportado en la versión 4.3.2. |
cp1251 | Windows-1251, win-1251, 1251 | Juego de caracteres Cirílicos específico de Windows. Este juego de caracteres está soportado en la versíón 4.3.2. |
cp1252 | Windows-1252, 1252 | Juego de caracteres específico de Windows para Europa Occidental. |
KOI8-R | koi8-ru, koi8r | Ruso. Este juego de caracteres está soportado en la versión 4.3.2. |
BIG5 | 950 | Chino Tradicional, usado principalmente en Taiwán. |
GB2312 | 936 | Chino Simplificado, juego de caracteres estándar nacional. |
BIG5-HKSCS | Big5 con extensiones de Hong Kong, Chino Tradicional. | |
Shift_JIS | SJIS, 932 | Japonés |
EUC-JP | EUCJP | Japonés |
Note: Cualquier otro juego de caracteres no es reconocido y en su lugar se utilizará ISO-8859-1.
When double_encode is turned off PHP will not encode existing html entities, the default is to convert everything.
The converted string.
Versión | Descripción |
---|---|
5.2.3 | The double_encode parameter was added. |
4.1.0 | The charset parameter was added. |
Example #1 htmlspecialchars() example
<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
?>
Note:
Note that this function does not translate anything beyond what is listed above. For full entity translation, see htmlentities().