{"id":695,"date":"2017-03-18T10:27:44","date_gmt":"2017-03-18T04:57:44","guid":{"rendered":"https:\/\/www.wikitechy.com\/technology\/?p=695"},"modified":"2017-03-29T15:48:32","modified_gmt":"2017-03-29T10:18:32","slug":"htmlspecialchars-vs-htmlentities","status":"publish","type":"post","link":"https:\/\/www.wikitechy.com\/technology\/htmlspecialchars-vs-htmlentities\/","title":{"rendered":"htmlspecialchars vs htmlentities in PHP 4, PHP 5 and PHP 7"},"content":{"rendered":"<h4 id=\"htmlentitiesphp-4-php-5-php-7\"><strong>htmlentities(PHP 4, PHP 5, PHP 7)<\/strong><\/h4>\n<p>htmlentities \u2014 Convert all applicable characters to HTML entities<\/p>\n<h4 id=\"description\"><label class=\"label label-info\">Description :<\/label><\/h4>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">Html Code<\/span> <\/div> <pre class=\"language-markup code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-markup code-embed-code\">string htmlentities ( string $string [, int $flags = ENT_COMPAT | ENT_HTML401 [, string $encoding = ini_get(&quot;default_charset&quot;) [, bool $double_encode = true ]]] )<\/code><\/pre> <\/div>\n<p>This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.<\/p>\n<p>If you want to decode instead (the reverse) you can use\u00a0html_entity_decode()<br \/>\n<strong>[ http:\/\/us2.php.net\/manual\/en\/function.html-entity-decode.php ].<\/strong><\/p>\n<p><strong>Example #1<\/strong><\/p>\n<p><strong>A\u00a0htmlentities()\u00a0example :<\/strong><\/p>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">Php Code<\/span> <\/div> <pre class=\"language-php code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-php 
code-embed-code\">&lt;?php<br\/>$str = &quot;A &#039;quote&#039; is &lt;b&gt;bold&lt;\/b&gt;&quot;;<br\/><br\/>\/\/ Outputs: A &#039;quote&#039; is &amp;lt;b&amp;gt;bold&amp;lt;\/b&amp;gt;<br\/>echo htmlentities($str);<br\/><br\/>\/\/ Outputs: A &amp;#039;quote&amp;#039; is &amp;lt;b&amp;gt;bold&amp;lt;\/b&amp;gt;<br\/>echo htmlentities($str, ENT_QUOTES);<br\/>?&gt;<\/code><\/pre> <\/div>\n<p><strong>Example #2<\/strong><\/p>\n<p><strong>Usage of ENT_IGNORE :<\/strong><\/p>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">Php Code<\/span> <\/div> <pre class=\"language-php code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-php code-embed-code\">&lt;?php<br\/>$str = &quot;\\x8F!!!&quot;;<br\/><br\/>\/\/ Outputs an empty string<br\/>echo htmlentities($str, ENT_QUOTES, &quot;UTF-8&quot;);<br\/><br\/>\/\/ Outputs &quot;!!!&quot;<br\/>echo htmlentities($str, ENT_QUOTES | ENT_IGNORE, &quot;UTF-8&quot;);<br\/>?&gt;<\/code><\/pre> <\/div>\n<p><strong>htmlspecialchars(PHP 4, PHP 5, PHP 7)<\/strong><\/p>\n<p>htmlspecialchars\u00a0\u2014\u00a0Convert special characters to HTML entities<\/p>\n<p><label class=\"label label-info\">Description :<\/label><\/p>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">Html Code<\/span> <\/div> <pre class=\"language-markup code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-markup code-embed-code\">string htmlspecialchars ( string $string [, int $flags = ENT_COMPAT | ENT_HTML401 [, string $encoding = ini_get(&quot;default_charset&quot;) [, bool $double_encode = true ]]] )<\/code><\/pre> <\/div>\n<p>Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings.<\/p>\n<p>This function returns a string with these conversions made. 
If you require all input substrings that have associated named entities to be translated, use htmlentities() instead.<\/p>\n<p>If the input string passed to this function and the final document share the same character set, this function is sufficient to prepare input for inclusion in most contexts of an HTML document.<\/p>\n<p>If, however, the input can represent characters that are not coded in the final document character set and you wish to retain those characters (as numeric or named entities), both this function and\u00a0<strong>htmlentities()\u00a0<\/strong>(which only encodes substrings that have named entity equivalents) may be insufficient. You may have to use\u00a0<strong>mb_encode_numericentity() <\/strong>instead.<\/p>\n<p><strong>Example #1<\/strong><\/p>\n<p><strong>htmlspecialchars()\u00a0example:<\/strong><\/p>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">Php Code<\/span> <\/div> <pre class=\"language-php code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-php code-embed-code\">&lt;?php<br\/>$new = htmlspecialchars(&quot;&lt;a href=&#039;test&#039;&gt;Test&lt;\/a&gt;&quot;, ENT_QUOTES);<br\/>echo $new; \/\/ &amp;lt;a href=&amp;#039;test&amp;#039;&amp;gt;Test&amp;lt;\/a&amp;gt;<br\/>?&gt;<\/code><\/pre> <\/div>\n<p><strong>htmlspecialchars vs htmlentities<\/strong><\/p>\n<p>When there is no need to encode all characters which have their HTML equivalents.<\/p>\n<p>If you know that the page encoding matches the text special symbols, why would you use htmlentities? 
htmlspecialchars is much more straightforward, and produces less code to send to the client.<\/p>\n<p><strong>For example:<\/strong><\/p>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">Html Code<\/span> <\/div> <pre class=\"language-markup code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-markup code-embed-code\">echo htmlentities(&#039;&lt;Il \u00e9tait une fois un \u00eatre&gt;.&#039;);<br\/>\/\/ Output: &amp;lt;Il &amp;eacute;tait une fois un &amp;ecirc;tre&amp;gt;.<br\/>\/\/                ^^^^^^^^                 ^^^^^^^<br\/><br\/>echo htmlspecialchars(&#039;&lt;Il \u00e9tait une fois un \u00eatre&gt;.&#039;);<br\/>\/\/ Output: &amp;lt;Il \u00e9tait une fois un \u00eatre&amp;gt;.<br\/>\/\/ <\/code><\/pre> <\/div>\n<p>The second one is shorter, and does not cause any problems if the ISO-8859-1 charset is set.<\/p>\n<p>When the data will be processed not only through a browser (to avoid decoding HTML entities),<\/p>\n<p>If the output is XML<\/p>\n<ul>\n<li>Sometimes you&#8217;re writing XML data, and you can&#8217;t use HTML entities in an XML file.<\/li>\n<li>Because htmlentities substitutes more characters than htmlspecialchars. 
This is unnecessary, makes the PHP script less efficient and the resulting HTML code less readable.<\/li>\n<li>htmlentities is only necessary if your pages use encodings such as ASCII or LATIN-1 instead of UTF-8 and you&#8217;re handling data with an encoding different from the page&#8217;s.<\/li>\n<\/ul>\n<p><strong>This is being encoded with htmlentities.<\/strong><\/p>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">Html Code<\/span> <\/div> <pre class=\"language-markup code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-markup code-embed-code\">implode( array_values( get_html_translation_table( HTML_ENTITIES ) ), &quot;\\t&quot; ):<\/code><\/pre> <\/div>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">Html Code<\/span> <\/div> <pre class=\"language-markup code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-markup code-embed-code\">&quot; &amp; &lt; &gt;\u000b\u00a1 \u00a2 \u00a3 \u00a4 \u00a5 \u00a6 \u00a7 \u00a8 \u00a9 \u00aa \u00ab \u00ac \u00ad \u00ae \u00af \u00b0 \u00b1 \u00b2 \u00b3 \u00b4 \u00b5 \u00b6 \u00b7 \u00b8 \u00b9 \u00ba \u00bb \u00bc \u00bd \u00be \u00bf \u00c0 \u00c1 \u00c2 \u00c3 \u00c4 \u00c5 \u00c6 \u00c7 \u00c8 \u00c9 \u00ca \u00cb \u00cc \u00cd \u00ce \u00cf \u00d0 \u00d1 \u00d2 \u00d3 \u00d4 \u00d5 \u00d6 \u00d7 \u00d8 \u00d9 \u00da \u00db \u00dc \u00dd \u00de \u00df \u00e0 \u00e1 \u00e2 \u00e3 \u00e4 \u00e5 \u00e6 \u00e7 \u00e8 \u00e9 \u00ea \u00eb \u00ec \u00ed \u00ee \u00ef \u00f0 \u00f1 \u00f2 \u00f3 \u00f4 \u00f5 \u00f6 \u00f7 \u00f8 \u00f9 \u00fa \u00fb \u00fc \u00fd \u00fe \u00ff \u0152 \u0153 \u0160 \u0161 \u0178 \u0192 \u02c6 \u02dc \u0391 \u0392 \u0393 \u0394 \u0395 \u0396 \u0397 \u0398 \u0399 \u039a \u039b \u039c \u039d \u039e \u039f \u03a0 \u03a1 \u03a3 \u03a4 \u03a5 \u03a6 \u03a7 \u03a8 \u03a9 \u03b1 \u03b2 
\u03b3 \u03b4 \u03b5 \u03b6 \u03b7 \u03b8 \u03b9 \u03ba \u03bb \u03bc \u03bd \u03be \u03bf \u03c0 \u03c1 \u03c2 \u03c3 \u03c4 \u03c5 \u03c6 \u03c7 \u03c8 \u03c9 \u03d1 \u03d2 \u03d6 \u2002 \u2003 \u2009 \u200c \u200d \u200e \u200f \u2013 \u2014 \u2018 \u2019 \u201a \u201c \u201d \u201e \u2020 \u2021 \u2022 \u2026 \u2030 \u2032 \u2033 \u2039 \u203a \u203e \u2044 \u20ac \u2111 \u2118 \u211c \u2122 \u2135 \u2190 \u2191 \u2192 \u2193 \u2194 \u21b5 \u21d0 \u21d1 \u21d2 \u21d3 \u21d4 \u2200 \u2202 \u2203 \u2205 \u2207 \u2208 \u2209 \u220b \u220f \u2211 \u2212 \u2217 \u221a \u221d \u221e \u2220 \u2227 \u2228 \u2229 \u222a \u222b \u2234 \u223c \u2245 \u2248 \u2260 \u2261 \u2264 \u2265 \u2282 \u2283 \u2284 \u2286 \u2287 \u2295 \u2297 \u22a5 \u22c5 \u2308 \u2309 \u230a \u230b \u27e8 \u27e9 \u25ca \u2660 \u2663 \u2665 \u2666<\/code><\/pre> <\/div>\n<p><strong>This is being encoded with htmlspecialchars.<\/strong><\/p>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">Html Code<\/span> <\/div> <pre class=\"language-markup code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-markup code-embed-code\">implode( array_values( get_html_translation_table( HTML_SPECIALCHARS ) ), &quot;\\t&quot; ):<\/code><\/pre> <\/div>\n<div class=\"code-embed-wrapper\"> <div class=\"code-embed-infos\"> <span class=\"code-embed-name\">Html Code<\/span> <\/div> <pre class=\"language-markup code-embed-pre line-numbers\"  data-start=\"1\" data-line-offset=\"0\"><code class=\"language-markup code-embed-code\">&quot; &amp; &lt; &gt;<\/code><\/pre> <\/div>\n<p>You should use htmlspecialchars($strText, ENT_QUOTES) when you just want your string to be XML and HTML safe:<\/p>\n<p><b>For example, encode<\/b><\/p>\n<ul>\n<li>&amp; to &amp;amp;<\/li>\n<li>&quot; to &amp;quot;<\/li>\n<li>&lt; to &amp;lt;<\/li>\n<li>&gt; to &amp;gt;<\/li>\n<li>&#039; to &amp;#039;<\/li>\n<\/ul>\n<p>However, if you also have additional 
characters that are\u00a0Unicode\u00a0or uncommon symbols in your text then you should use htmlentities() to ensure they show up properly in your HTML page.<\/p>\n<p><b>Notes:<\/b><\/p>\n<ul>\n<li>&#039; will only be encoded by htmlspecialchars() to &amp;#039; if the ENT_QUOTES option is passed in. &amp;#039; is safer to use than &amp;apos; since older versions of Internet\u00a0Explorer do not support the &amp;apos; entity.<\/li>\n<li>Technically, &gt; does not need to be encoded as per the XML specification, but it is usually encoded too for consistency with the requirement of &lt; being encoded.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>htmlentities(PHP 4, PHP 5, PHP 7) htmlentities \u2014 Convert all applicable characters to HTML entities Description : This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities. 
If you want to decode instead (the reverse) you can use\u00a0html_entity_decode() [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24,25],"tags":[1219,1220,1211,1212,1215,1216,1210,1213,1214,1218,1209,1217],"class_list":["post-695","post","type-post","status-publish","format-standard","hentry","category-html","category-php","tag-correct-use-of-htmlspecialchars-or-htmlentities","tag-how-to-prevent-xss-with-htmlphp","tag-htmlentities-decode","tag-htmlspecialchars-javascript","tag-htmlspecialchars-not-working","tag-htmlspecialchars-online","tag-htmlspecialchars-php","tag-htmlspecialchars-xss","tag-htmlspecialchars_decode","tag-htmlspecialchars-x-htmlentities","tag-php-convert-special-characters-to-html-entities","tag-why-use-htmlspecialchars-when-you-have-htmlentities"],"_links":{"self":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/695","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/comments?post=695"}],"version-history":[{"count":0,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/695\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/media?parent=695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/categories?post=695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/tags?post=695"}],"curies":[{"name":"wp","href":"https:\/\/api.w
.org\/{rel}","templated":true}]}}