Updated April 1, 2023
Definition of PHP htmlspecialchars
In PHP htmlspecialchars method is used for encoding of the string. By the use of htmlspecialchars method, we can encode our string by specifying certain parameters for it. htmlspecialchars method converts some special character of the string into HTML based entities, we have some of the pre-defined characters which got converted by this htmlspecialchars method in PHP> This is used where we want to apply some HTML code in between the string. htmlspecialchars methods take multiple inputs as the parameters we will discuss this in the coming section in more detail.
Syntax
htmlspecialchars method takes multiple parameters as the input from the user, also these different parameters represent a different types of roles in converting the string to HTML based entity. For better understanding we will see its syntax see below;
htmlspecialchars(your_string,flags_if_any,character-set_if_any,double_encode_if_any)So as you can see in the above syntax we are passing multiple parameters to this htmlspecialchars method in PHP all serve a different purpose. But the string is the mandatory parameter here which is required while calling this method. In the coming section, we will discuss more its parameter in detail. For instance, we can have a practice syntax for beginners for more clarity see below;
e.g.:
htmlspecialchars("my string hello <br>")How htmlspecialchars method work in PHP?
As of now we know that htmlspecialchars method is issued to encode the special characters present in a string, these special characters are already pre-defined in the HTML. we will discuss more this. HTML provides us with five types of pre-defined special characters which are described below.
Let’s discuss each of them in detail see below;
1) > or greater than In HTML this special character become > while encoding our string to HTML entities. So if you want to use this we need to use ‘>’ symbol for this. For better understanding see the example below;
e.g.:
<?php
$str = "Hello greater than symbol > .";
?>This will now encode ‘>’ into the > where ever it will appear.
2) < or smaller than In HTML this special character become < while encoding our string to HTML entities. So if you want to use this we need to use ‘<‘ symbol for this. For better understanding see the example below;
e.g.:
<?php
$str = "Hello lesser than symbol < .";
?>This will now encode ‘<‘ into the < where ever it will appear.
3) & or ampersand: In HTML this special character become & while encoding our string to HTML entities. So if you want to use this we need to use ‘&’ symbol for this. For better understanding see the example below;
e.g.:
<?php
$str = "Hello ampersand symbol & .";
?>This will now encode ‘&’ into the & where ever it will appear.
4) ‘ or single quote: In HTML this special character becomes’ while encoding our string to HTML entities. So if you want to use this we need to use ”’ symbol for this. For better understanding see the example below;
e.g.:
<?php
$str = "Hello single quote symbol ' .";
?>This will now encode ”’ into the ‘ where ever it will appear.
5) ” or double quote: In HTML this special character becomes " while encoding our string to HTML entities. So if you want to use this we need to use the'”‘ symbol for this. For better understanding see the example below;
e.g.:
<?php
$str = "Hello double quote symbol " .";
?>This will now encode ‘”‘ into the " where ever it will appear.
Now we will talk about the htmlspecialchars method signature that we have. This method takes four parameters. But the string parameter is mandatory once that we have to pass. Other is optional. We will discuss them in detail see below;
Signature
htmlspecialchars(your_string,flags_if_any,character-set_if_any,double_encode_if_any)1. String: This is the string that we want to encode into HTML entities whenever the special character are defined on paper in the string.
2. double_encode: This parameter if specifying will decide we need to encode the string or not. It is a Boolean parameter that takes the value as true or false. By default its value is TRUE that means it will encode the string special characters.
3. character-set: This parameter is also optional, this parameter will decide which chatter set needs to be used here. We have several characters set available some of them are specified below;
- UTF-8
- EUC-JP
- many more
4. flags if any: This parameter is also optional in the method. This parameter will decide the quoting style for the string encoding. We have three quoting styles available see below;
- ENT_NOQUOTES: This flag specifies that no quotes will be encoded here. neither single nor double quotes.
- ENT_QUOTES: This flag will specify that both the quotes will be encoded into the string, single or double.
- ENT_COMPAT: This parameter will only encode the double quotes present into the string. This is the default encoding style for the htmlspecialchars method in PHP.
Some points to be remembered;
- String param is mandatory.
- This will encode the string where ever special character appears.
- HTML has defied some predefined characters. This will prevent the HTML pages from harmful attacks as well.
Example of PHP htmlspecialchars
In this example we are trying to encode our string which contains some of the special characters. Attaching two screenshots one is the output and another one is an encoding string in PHP.
Code:
<!DOCTYPE html>
<html>
<body>
<h2 style="color:Green;">Demo for htmlspecialchars method</h2>
<?php
//here we are using htmlspecialchars method to encode our string and printing the result
echo htmlspecialchars('Demo for "htmlspecialchars" method in PHP ', ENT_NOQUOTES);
?>
</body>
</html>Output:
Encoded String output:
Conclusion
By the use of this, we can prevent our HTML page from harmful links. Because it will encode the string if there is any special character present inside it. We just need to use the htmlspecialchars method and pass the parameters according to our requirements.
Recommended Articles
This has been a guide to PHP htmlspecialchars. Here we discuss the definition, syntax, and working of htmlspecialchars method in PHP along with an Example and code implementation. You can also go through our other suggested articles –
