What's the difference between htmlentities() and htmlspecialchars()?
What are the differences between
asked Sep 5, 2008 at 18:29
answered Sep 1, 2010 at 1:00
Arseni Mourzenko 48.7k 34 gold badges 108 silver badges 192 bronze badges

From the PHP documentation for htmlentities:
From the PHP documentation for htmlspecialchars:
The difference is what gets encoded. The choices are everything (entities) or "special" characters, like ampersand, double and single quotes, less than, and greater than (specialchars). I prefer to use For example:
answered Sep 5, 2008 at 18:31
Thomas Owens 112k 96 gold badges 306 silver badges 430 bronze badges

This is being encoded with
This is being encoded with
answered Jun 22, 2014 at 12:48
Berky 1,181 1 gold badge 7 silver badges 9 bronze badges

Because:
answered Sep 1, 2010 at 0:57
Artefacto 94.3k 16 gold badges 194 silver badges 221 bronze badges

You should use For example, encode
However, if you also have additional characters that are Unicode or uncommon symbols in your text then you should use htmlentities() to ensure they show up properly in your HTML page. Notes:
answered Aug 22, 2012 at 18:38
Kmeixner 1,554 4 gold badges 20 silver badges 32 bronze badges
answered Sep 1, 2010 at 0:58
grossvogel 6,644 1 gold badge 25 silver badges 36 bronze badges

I just found out about the
Ry-♦ 211k 54 gold badges 441 silver badges 455 bronze badges
answered Apr 6, 2011 at 17:38
Eric Hogue 8,600 4 gold badges 24 silver badges 20 bronze badges

htmlentities — Convert all applicable characters to HTML entities.
htmlspecialchars — Convert special characters to HTML entities.
The translations are performed on the characters below:
You can check the following code for more information about what's htmlentities and htmlspecialchars: https://gist.github.com/joko-wandiro/f5c935708d9c37d8940b
G-Nugget 8,506 1 gold badge 25 silver badges 31 bronze badges
answered May 11, 2015 at 3:05
Joko Wandiro 1,937 1 gold badge 17 silver badges 27 bronze badges

You probably want to use some Unicode character encoding, for example UTF-8, and htmlspecialchars. Because there isn't any need to generate "HTML entities" for "all [the] applicable characters" (that is what htmlentities does according to the documentation) if it's already in your character set.
answered Sep 5, 2008 at 18:39
cic 7,148 3 gold badges 23 silver badges 34 bronze badges

The difference between htmlspecialchars() and htmlentities() is very small. Let's see some examples:
htmlspecialchars(string $string) takes multiple arguments, where the first argument is a string and all other arguments (certain flags, certain encodings, etc.) are optional. htmlspecialchars converts special characters in the string to HTML entities. For example, if you have < br > in your string, htmlspecialchars will convert it into &lt; br &gt;. Whereas characters like µ † etc. have no special significance in HTML. So they will not be converted to HTML entities by the htmlspecialchars function, as shown in the below example.
htmlentities(string $string) is very similar to htmlspecialchars and takes multiple arguments, where the first argument is a string and all other arguments are optional (certain flags, certain encodings, etc.). Unlike htmlspecialchars, htmlentities converts not only special characters in the string to HTML entities but all applicable characters to HTML entities.
answered Oct 6, 2018 at 11:08
N Randhawa 8,043 3 gold badges 41 silver badges 47 bronze badges

One small example, I needed to have 2 client names indexed in a function:
I originally
answered Feb 2, 2016 at 6:02
learn2reid 170 1 silver badge 5 bronze badges
https://dev.w3.org/html5/html-author/charref
Not fully, please follow the link for the full document.
answered Jan 19, 2017 at 15:24

What is the purpose of the htmlentities() function?
The htmlentities() function converts characters to HTML entities. Tip: To convert HTML entities back to characters, use the html_entity_decode() function. Tip: Use the get_html_translation_table() function to return the translation table used by htmlentities().

When should I use htmlspecialchars?
You use htmlspecialchars EVERY time you output content within HTML, so it is interpreted as content and not HTML. If you allow content to be treated as HTML, you have just opened the door to bugs at a minimum, and total XSS hacks at worst.

What does htmlspecialchars return?
This function returns a string with these conversions made. If you require all input substrings that have associated named entities to be translated, use htmlentities() instead.

Does htmlspecialchars prevent XSS?
Using the htmlspecialchars() function: the htmlspecialchars() function converts special characters to HTML entities. For a majority of web apps, we can use this method, and this is one of the most popular methods to prevent XSS. This process is also known as HTML escaping.
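
The difference in what gets encoded, and the quote-flag detail behind the XSS answer above, as an added example (not code from the original answers). The helper name e() and all sample strings are constructed for illustration, and the escaping shown is for HTML text and quoted attribute values only.

```php
<?php
declare(strict_types=1);

// Flags and charset are passed explicitly: before PHP 8.1 the default was
// ENT_COMPAT, which leaves single quotes unescaped.
const FLAGS = ENT_QUOTES | ENT_SUBSTITUTE;

// Hypothetical helper: escape for HTML text and quoted attribute values.
function e(string $s): string
{
    return htmlspecialchars($s, FLAGS, 'UTF-8');
}

// Constructed sample (file saved as UTF-8): markup, both quote styles,
// and two non-ASCII characters.
$text = "<b>5 µm & \"double\" 'single' †</b>";

$special  = e($text);
$entities = htmlentities($text, FLAGS, 'UTF-8');
printf("htmlspecialchars: %s\n", $special);
printf("htmlentities:     %s\n", $entities);

// Both outputs decode to the same text, so on a UTF-8 page the extra named
// entities from htmlentities() change the bytes sent, not what is rendered.
$same = html_entity_decode($special, FLAGS, 'UTF-8')
    === html_entity_decode($entities, FLAGS, 'UTF-8');
printf("decode to the same text: %s\n", var_export($same, true));

// Size of the translation table behind each function.
printf("table entries: %d (specialchars) vs %d (entities)\n",
    count(get_html_translation_table(HTML_SPECIALCHARS, FLAGS, 'UTF-8')),
    count(get_html_translation_table(HTML_ENTITIES, FLAGS, 'UTF-8')));

// Constructed value placed in a single-quoted attribute. With ENT_COMPAT the
// quotes inside the value survive and close the attribute early.
$value = "a' data-injected='1";
$weak  = "<input value='" . htmlspecialchars($value, ENT_COMPAT, 'UTF-8') . "'>";
$safe  = "<input value='" . e($value) . "'>";
printf("literal single quotes, ENT_COMPAT: %d\n", substr_count($weak, "'"));
printf("literal single quotes, ENT_QUOTES: %d\n", substr_count($safe, "'"));
printf("%s\n%s\n", $weak, $safe);
```

A literal single-quote count above two in the generated tag means the value closed the attribute itself, which is what a template review should look for wherever attributes are single-quoted.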