PHP : htmlspecialchars() function


The htmlspecialchars() function is used to converts special characters ( e.g. & (ampersand), " (double quote), ' (single quote), < (less than), > (greater than)) to HTML entities ( i.e. & (ampersand) becomes &amp, ' (single quote) becomes &#039, < (less than) becomes &lt; (greater than) becomes &gt; ).


(PHP 4 and above)




Name Description Required /
input_string The string to be converted. Required String
quote_style Encoding single and double quote.
ENT_COMPAT : Convert double quotes and leave single quotes unchanged.
ENT_COMPAT is the default setting
ENT_QUOTES : Converts both single and double quotes.
ENT_NOQUOTES: Converts neither single nor double quotes.
Optional Integer
charset Refers the character set to be used.
List of character set.
ISO-8859-1 : Western European, Latin-1 [default character set].
ISO-8859-15 : Western European, Latin-9. UTF-8 : ASCII compatible multi-byte 8-bit Unicode.
cp866 : DOS-specific Cyrillic charset.
cp1251 : Windows-specific Cyrillic charset.
cp1252 : Windows-specific charset for Western European.
KOI8-R : Russian.
BIG5 : Traditional Chinese.
GB2312 : Simplified Chinese.
BIG5-HKSCS : Big5 with Hong Kong extensions.
Shift_JIS : Japanese.
EUC-JP : Japanese.
Optional String

Return value:

The converted string.

Value Type: String.


$convert = "<li><a href='index.php'>We are learning php</a></li>";
echo "Original string : ".$convert;
echo "<br />";
htmlspecialchars("<li><a href='index.php'>We are learning php</a></li>", ENT_QUOTES);
echo "Only HTML special characters : ".htmlspecialchars($convert);


Original string: 

Only HTML special characters :
 <li><a href='index.php'>We are learning php</a></li>

View the example in the browser

See also

PHP Function Reference

Previous: htmlspecialchars_ decode
Next: implode

PHP: Tips of the Day

A resource is a special type of variable that references an external resource, such as a file, socket, stream, document, or connection


$file = fopen('/etc/passwd', 'r');
echo gettype($file);
# Out: resource
echo $file;
# Out: Resource id #2 

There are different (sub-)types of resource. You can check the resource type using get_resource_type():

$file = fopen('/etc/passwd', 'r'); 
echo get_resource_type($file);
#Out: stream
$sock = fsockopen('www.google.com', 80);
echo get_resource_type($sock);
#Out: stream