htmlspecialchars

(PHP 3, PHP 4 >= 4.0b1)

htmlspecialchars --  Convert special characters to HTML entities

Description

string htmlspecialchars (string string [, int quote_style])

Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings. This function returns a string with some of these conversions made; the translations made are those most useful for everyday web programming. If you require all HTML character entities to be translated, use htmlentities() instead.

This function is useful in preventing user-supplied text from containing HTML markup, such as in a message board or guest book application. The optional second argument, quote_style, tells the function what to do with single and double quote characters. The default mode, ENT_COMPAT, is the backwards compatible mode which only translates the double-quote character and leaves the single-quote untranslated. If ENT_QUOTES is set, both single and double quotes are translated and if ENT_NOQUOTES is set neither single nor double quotes are translated.

The translations performed are:

Example 1. htmlspecialchars() example


$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
      

Note that this function does not translate anything beyond what is listed above. For full entity translation, see htmlentities(). Also note that the optional second argument was added in PHP 3.0.17 and PHP 4.0.3.

See also htmlentities() and nl2br().