Funciones de strings
PHP Manual

htmlspecialchars

(PHP 4, PHP 5)

htmlspecialcharsConvert special characters to HTML entities

Descripción

string htmlspecialchars ( string $string [, int $flags = ENT_COMPAT [, string $charset [, bool $double_encode = true ]]] )

Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings. This function returns a string with some of these conversions made; the translations made are those most useful for everyday web programming. If you require all HTML character entities to be translated, use htmlentities() instead.

This function is useful in preventing user-supplied text from containing HTML markup, such as in a message board or guest book application.

The translations performed are:

Parámetros

string

The string being converted.

flags

The optional second argument, flags, tells the function what to do with single and double quote characters and with invalid multi-byte sequences. The default mode, ENT_COMPAT, is the backwards compatible mode which only translates the double-quote character and leaves the single-quote untranslated. If ENT_QUOTES is set, both single and double quotes are translated and if ENT_NOQUOTES is set neither single nor double quotes are translated. In addition, since 5.3.0, these constants can be combined with ENT_IGNORE. In that case, strings that contain invalid code unit sequences have those invalid sequences discarded instead of having the function return an empty string. Avoid using it, as it may have introduce vulnerabilities.

charset

Defines character set used in conversion. The default character set is ISO-8859-1.

For the purposes of this function, the charsets ISO-8859-1, ISO-8859-15, UTF-8, cp866, cp1251, cp1252, and KOI8-R are effectively equivalent, as the characters affected by htmlspecialchars() occupy the same positions in all of these charsets.

Los siguientes juegos de caracteres son soportados en PHP 4.3.0 y versiones posteriores.

Conjunto de Caracteres Soportados
Juego de caracteres Alias Descripción
ISO-8859-1 ISO8859-1 Europeo Occidental, Latin-1
ISO-8859-15 ISO8859-15 Europeo Occidental, Latin-9. Añade el signo de Euro, y letras del Francés y Finlandés que hacián falta en Latin-1(ISO-8859-1).
UTF-8   Multi-byte Unicode de 8-bits compatible con ASCII.
cp866 ibm866, 866 Juego de caracteres Cirílico específico de DOS. Este juego de caracteres está soportado en la versión 4.3.2.
cp1251 Windows-1251, win-1251, 1251 Juego de caracteres Cirílicos específico de Windows. Este juego de caracteres está soportado en la versíón 4.3.2.
cp1252 Windows-1252, 1252 Juego de caracteres específico de Windows para Europa Occidental.
KOI8-R koi8-ru, koi8r Ruso. Este juego de caracteres está soportado en la versión 4.3.2.
BIG5 950 Chino Tradicional, usado principalmente en Taiwán.
GB2312 936 Chino Simplificado, juego de caracteres estándar nacional.
BIG5-HKSCS   Big5 con extensiones de Hong Kong, Chino Tradicional.
Shift_JIS SJIS, 932 Japonés
EUC-JP EUCJP Japonés

Note: Cualquier otro juego de caracteres no es reconocido y en su lugar se utilizará ISO-8859-1.

double_encode

When double_encode is turned off PHP will not encode existing html entities, the default is to convert everything.

Valores devueltos

The converted string.

Historial de cambios

Versión Descripción
5.2.3 The double_encode parameter was added.
4.1.0 The charset parameter was added.

Ejemplos

Example #1 htmlspecialchars() example

<?php
$new 
htmlspecialchars("<a href='test'>Test</a>"ENT_QUOTES);
echo 
$new// &lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;
?>

Notas

Note:

Note that this function does not translate anything beyond what is listed above. For full entity translation, see htmlentities().

Ver también


Funciones de strings
PHP Manual