{"id":695,"date":"2017-03-18T10:27:44","date_gmt":"2017-03-18T04:57:44","guid":{"rendered":"https:\/\/www.wikitechy.com\/technology\/?p=695"},"modified":"2017-03-29T15:48:32","modified_gmt":"2017-03-29T10:18:32","slug":"htmlspecialchars-vs-htmlentities","status":"publish","type":"post","link":"https:\/\/www.wikitechy.com\/technology\/htmlspecialchars-vs-htmlentities\/","title":{"rendered":"htmlspecialchars vs htmlentities in PHP 4, PHP 5 and PHP 7"},"content":{"rendered":"<h4 id=\"htmlentitiesphp-4-php-5-php-7\"><strong>htmlentities(PHP 4, PHP 5, PHP 7)<\/strong><\/h4>\n<p>htmlentities \u2014 Convert all applicable characters to HTML entities<\/p>\n<h4 id=\"description\"><label class=\"label label-info\">Description :<\/label><\/h4>\n[pastacode lang=\u201dmarkup\u201d manual=\u201dstring%20htmlentities%20(%20string%20%24string%20%5B%2C%20int%20%24flags%20%3D%20ENT_COMPAT%20%7C%20ENT_HTML401%20%5B%2C%20string%20%24encoding%20%3D%20ini_get(%22default_charset%22)%20%5B%2C%20bool%20%24double_encode%20%3D%20true%20%5D%5D%5D%20)%0A\u201d message=\u201dHtml Code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p>This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.<\/p>\n<p>If you want to decode instead (the reverse) you can use\u00a0html_entity_decode()<br \/>\n<strong>[ http:\/\/us2.php.net\/manual\/en\/function.html-entity-decode.php ].<\/strong><\/p>\n<p><strong>Example #1<\/strong><\/p>\n<p><strong>A\u00a0htmlentities()\u00a0example :<\/strong><\/p>\n[pastacode lang=\u201dphp\u201d 
manual=\u201d%3C%3Fphp%0A%24str%20%3D%20%22A%20%27quote%27%20is%20%3Cb%3Ebold%3C%2Fb%3E%22%3B%0A%0A%2F%2F%20Outputs%3A%20A%20%27quote%27%20is%20%26lt%3Bb%26gt%3Bbold%26lt%3B%2Fb%26gt%3B%0Aecho%20htmlentities(%24str)%3B%0A%0A%2F%2F%20Outputs%3A%20A%20%26%23039%3Bquote%26%23039%3B%20is%20%26lt%3Bb%26gt%3Bbold%26lt%3B%2Fb%26gt%3B%0Aecho%20htmlentities(%24str%2C%20ENT_QUOTES)%3B%0A%3F%3E%0A\u201d message=\u201dPhp Code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p><strong>Example #2<\/strong><\/p>\n<p><strong>Usage of ENT_IGNORE :<\/strong><\/p>\n[pastacode lang=\u201dphp\u201d manual=\u201d%3C%3Fphp%0A%24str%20%3D%20%22%5Cx8F!!!%22%3B%0A%0A%2F%2F%20Outputs%20an%20empty%20string%0Aecho%20htmlentities(%24str%2C%20ENT_QUOTES%2C%20%22UTF-8%22)%3B%0A%0A%2F%2F%20Outputs%20%22!!!%22%0Aecho%20htmlentities(%24str%2C%20ENT_QUOTES%20%7C%20ENT_IGNORE%2C%20%22UTF-8%22)%3B%0A%3F%3E%0A\u201d message=\u201dPhp Code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p><strong>htmlspecialchars(PHP 4, PHP 5, PHP 7)<\/strong><\/p>\n<p>htmlspecialchars\u00a0\u2014\u00a0Convert special characters to HTML entities<\/p>\n<p><label class=\"label label-info\">Description :<\/label><\/p>\n[pastacode lang=\u201dmarkup\u201d manual=\u201dstring%20htmlspecialchars%20(%20string%20%24string%20%5B%2C%20int%20%24flags%20%3D%20ENT_COMPAT%20%7C%20ENT_HTML401%20%5B%2C%20string%20%24encoding%20%3D%20ini_get(%22default_charset%22)%20%5B%2C%20bool%20%24double_encode%20%3D%20true%20%5D%5D%5D%20)%0A\u201d message=\u201dHtml Code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p>Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings.<\/p>\n<p>This function returns a string with these conversions made. 
If you require all input substrings that have associated named entities to be translated, use htmlentities() instead.<\/p>\n<p>If the input string passed to this function and the final document share the same character set, this function is sufficient to prepare input for inclusion in most contexts of an HTML document.<\/p>\n<p>If, however, the input can represent characters that are not coded in the final document character set and you wish to retain those characters (as numeric or named entities), both this function and\u00a0<strong>htmlentities()\u00a0<\/strong>(which only encodes substrings that have named entity equivalents) may be insufficient. You may have to use\u00a0<strong>mb_encode_numericentity() <\/strong>instead.<\/p>\n<p><strong>Example #1<\/strong><\/p>\n<p><strong>htmlspecialchars()\u00a0example:<\/strong><\/p>\n[pastacode lang=\u201dphp\u201d manual=\u201d%3C%3Fphp%0A%24new%20%3D%20htmlspecialchars(%22%3Ca%20href%3D%27test%27%3ETest%3C%2Fa%3E%22%2C%20ENT_QUOTES)%3B%0Aecho%20%24new%3B%20%2F%2F%20%26lt%3Ba%20href%3D%26%23039%3Btest%26%23039%3B%26gt%3BTest%26lt%3B%2Fa%26gt%3B%0A%3F%3E%0A\u201d message=\u201dPhp Code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p><strong>htmlspecialchars vs htmlentities<\/strong><\/p>\n<p>When there is no need to encode all characters which have their HTML equivalents.<\/p>\n<p>If you know that the page encoding matches the text special symbols, why would you use htmlentities? 
htmlspecialchars is much more straightforward, and produces less code to send to the client.<\/p>\n<p><strong>For example:<\/strong><\/p>\n[pastacode lang=\u201dmarkup\u201d manual=\u201decho%20htmlentities(%27%3CIl%20%C3%A9tait%20une%20fois%20un%20%C3%AAtre%3E.%27)%3B%0A%2F%2F%20Output%3A%20%26lt%3BIl%20%26eacute%3Btait%20une%20fois%20un%20%26ecirc%3Btre%26gt%3B.%0A%2F%2F%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%5E%5E%5E%5E%5E%5E%5E%5E%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%5E%5E%5E%5E%5E%5E%5E%0A%0Aecho%20htmlspecialchars(%27%3CIl%20%C3%A9tait%20une%20fois%20un%20%C3%AAtre%3E.%27)%3B%0A%2F%2F%20Output%3A%20%26lt%3BIl%20%C3%A9tait%20une%20fois%20un%20%C3%AAtre%26gt%3B.%0A%2F%2F%20%0A\u201d message=\u201dHtml Code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p>The second one is shorter, and does not cause any problems if ISO-8859-1 charset is set<\/p>\n<p>When the data will be processed not only through a browser (to avoid decoding HTML entities),<\/p>\n<p>If the output is XML<\/p>\n<ul>\n<li>Sometimes you\u2019re writing XML data, and you can\u2019t use HTML entities in an XML file.<\/li>\n<li>Because htmlentities substitutes more characters than htmlspecialchars. 
This is unnecessary, makes the PHP script less efficient and the resulting HTML code less readable.<\/li>\n<li>htmlentities is only necessary if your pages use encodings such as ASCII or LATIN-1 instead of UTF-8 and you\u2019re handling data with an encoding different from the page\u2019s.<\/li>\n<\/ul>\n<p><strong>This is being encoded with htmlentities.<\/strong><\/p>\n[pastacode lang=\u201dmarkup\u201d manual=\u201dimplode(%20array_values(%20get_html_translation_table(%20HTML_ENTITIES%20)%20)%2C%20%22%5Ct%22%20)%3A%0A\u201d message=\u201dHtml Code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n[ad type=\u201dbanner\u201d]\n[pastacode lang=\u201dmarkup\u201d manual=\u201d%22%20%26%20%3C%20%3E%0B%C2%A1%20%C2%A2%20%C2%A3%20%C2%A4%20%C2%A5%20%C2%A6%20%C2%A7%20%C2%A8%20%C2%A9%20%C2%AA%20%C2%AB%20%C2%AC%20%C2%AD%20%C2%AE%20%C2%AF%20%C2%B0%20%C2%B1%20%C2%B2%20%C2%B3%20%C2%B4%20%C2%B5%20%C2%B6%20%C2%B7%20%C2%B8%20%C2%B9%20%C2%BA%20%C2%BB%20%C2%BC%20%C2%BD%20%C2%BE%20%C2%BF%20%C3%80%20%C3%81%20%C3%82%20%C3%83%20%C3%84%20%C3%85%20%C3%86%20%C3%87%20%C3%88%20%C3%89%20%C3%8A%20%C3%8B%20%C3%8C%20%C3%8D%20%C3%8E%20%C3%8F%20%C3%90%20%C3%91%20%C3%92%20%C3%93%20%C3%94%20%C3%95%20%C3%96%20%C3%97%20%C3%98%20%C3%99%20%C3%9A%20%C3%9B%20%C3%9C%20%C3%9D%20%C3%9E%20%C3%9F%20%C3%A0%20%C3%A1%20%C3%A2%20%C3%A3%20%C3%A4%20%C3%A5%20%C3%A6%20%C3%A7%20%C3%A8%20%C3%A9%20%C3%AA%20%C3%AB%20%C3%AC%20%C3%AD%20%C3%AE%20%C3%AF%20%C3%B0%20%C3%B1%20%C3%B2%20%C3%B3%20%C3%B4%20%C3%B5%20%C3%B6%20%C3%B7%20%C3%B8%20%C3%B9%20%C3%BA%20%C3%BB%20%C3%BC%20%C3%BD%20%C3%BE%20%C3%BF%20%C5%92%20%C5%93%20%C5%A0%20%C5%A1%20%C5%B8%20%C6%92%20%CB%86%20%CB%9C%20%CE%91%20%CE%92%20%CE%93%20%CE%94%20%CE%95%20%CE%96%20%CE%97%20%CE%98%20%CE%99%20%CE%9A%20%CE%9B%20%CE%9C%20%CE%9D%20%CE%9E%20%CE%9F%20%CE%A0%20%CE%A1%20%CE%A3%20%CE%A4%20%CE%A5%20%CE%A6%20%CE%A7%20%CE%A8%20%CE%A9%20%CE%B1%20%CE%B2%20%CE%B3%20%CE%B4%20%CE%B5%20%CE%B6%20%CE%B7%20%CE%B8%20%CE%B9%20%CE%BA%20%CE%BB%20%CE%BC%20%CE%BD%20%CE%BE%20%CE%BF%20%C
F%80%20%CF%81%20%CF%82%20%CF%83%20%CF%84%20%CF%85%20%CF%86%20%CF%87%20%CF%88%20%CF%89%20%CF%91%20%CF%92%20%CF%96%20%E2%80%82%20%E2%80%83%20%E2%80%89%20%E2%80%8C%20%E2%80%8D%20%E2%80%8E%20%E2%80%8F%20%E2%80%93%20%E2%80%94%20%E2%80%98%20%E2%80%99%20%E2%80%9A%20%E2%80%9C%20%E2%80%9D%20%E2%80%9E%20%E2%80%A0%20%E2%80%A1%20%E2%80%A2%20%E2%80%A6%20%E2%80%B0%20%E2%80%B2%20%E2%80%B3%20%E2%80%B9%20%E2%80%BA%20%E2%80%BE%20%E2%81%84%20%E2%82%AC%20%E2%84%91%20%E2%84%98%20%E2%84%9C%20%E2%84%A2%20%E2%84%B5%20%E2%86%90%20%E2%86%91%20%E2%86%92%20%E2%86%93%20%E2%86%94%20%E2%86%B5%20%E2%87%90%20%E2%87%91%20%E2%87%92%20%E2%87%93%20%E2%87%94%20%E2%88%80%20%E2%88%82%20%E2%88%83%20%E2%88%85%20%E2%88%87%20%E2%88%88%20%E2%88%89%20%E2%88%8B%20%E2%88%8F%20%E2%88%91%20%E2%88%92%20%E2%88%97%20%E2%88%9A%20%E2%88%9D%20%E2%88%9E%20%E2%88%A0%20%E2%88%A7%20%E2%88%A8%20%E2%88%A9%20%E2%88%AA%20%E2%88%AB%20%E2%88%B4%20%E2%88%BC%20%E2%89%85%20%E2%89%88%20%E2%89%A0%20%E2%89%A1%20%E2%89%A4%20%E2%89%A5%20%E2%8A%82%20%E2%8A%83%20%E2%8A%84%20%E2%8A%86%20%E2%8A%87%20%E2%8A%95%20%E2%8A%97%20%E2%8A%A5%20%E2%8B%85%20%E2%8C%88%20%E2%8C%89%20%E2%8C%8A%20%E2%8C%8B%20%E2%9F%A8%20%E2%9F%A9%20%E2%97%8A%20%E2%99%A0%20%E2%99%A3%20%E2%99%A5%20%E2%99%A6%0A\u201d message=\u201dHtml Code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p><strong>This is being encoded with htmlspecialchars.<\/strong><\/p>\n[pastacode lang=\u201dmarkup\u201d manual=\u201dimplode(%20array_values(%20get_html_translation_table(%20HTML_SPECIALCHARS%20)%20)%2C%20%22%5Ct%22%20)%3A%0A\u201d message=\u201dHtml Code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n[pastacode lang=\u201dmarkup\u201d manual=\u201d%22%20%26%20%3C%20%3E%0A\u201d message=\u201dHtml Code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/]\n<p>You should use htmlspecialchars($strText, ENT_QUOTES) when you just want your string to be XML and HTML safe:<\/p>\n<p><b>For example, encode<\/b><\/p>\n<ul>\n<li>& to &amp;<\/li>\n<li>\u201d to 
&quot;<\/li>\n<li>< to &lt;<\/li>\n<li>> to &gt;<\/li>\n<li>' to &#039;<\/li>\n<\/ul>\n<p>However, if you also have additional characters that are\u00a0Unicode\u00a0or uncommon symbols in your text then you should use htmlentities() to ensure they show up properly in your HTML page.<\/p>\n<p><b>Notes:<\/b><\/p>\n<ul>\n<li>' will only be encoded by htmlspecialchars() to &#039; if the ENT_QUOTES option is passed in. &#039; is safer to use than &apos; since older versions of Internet\u00a0Explorer do not support the &apos; entity.<\/li>\n<li>Technically, > does not need to be encoded as per the XML specification, but it is usually encoded too for consistency with the requirement of < being encoded.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>htmlentities(PHP 4, PHP 5, PHP 7) htmlentities \u2014 Convert all applicable characters to HTML entities Description : [pastacode lang=\u201dmarkup\u201d manual=\u201dstring%20htmlentities%20(%20string%20%24string%20%5B%2C%20int%20%24flags%20%3D%20ENT_COMPAT%20%7C%20ENT_HTML401%20%5B%2C%20string%20%24encoding%20%3D%20ini_get(%22default_charset%22)%20%5B%2C%20bool%20%24double_encode%20%3D%20true%20%5D%5D%5D%20)%0A\u201d message=\u201dHtml Code\u201d highlight=\u201d\u201d provider=\u201dmanual\u201d\/] [ad type=\u201dbanner\u201d] This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities. 
If you want to [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24,25],"tags":[1219,1220,1211,1212,1215,1216,1210,1213,1214,1218,1209,1217],"class_list":["post-695","post","type-post","status-publish","format-standard","hentry","category-html","category-php","tag-correct-use-of-htmlspecialchars-or-htmlentities","tag-how-to-prevent-xss-with-htmlphp","tag-htmlentities-decode","tag-htmlspecialchars-javascript","tag-htmlspecialchars-not-working","tag-htmlspecialchars-online","tag-htmlspecialchars-php","tag-htmlspecialchars-xss","tag-htmlspecialchars_decode","tag-htmlspecialchars-x-htmlentities","tag-php-convert-special-characters-to-html-entities","tag-why-use-htmlspecialchars-when-you-have-htmlentities"],"_links":{"self":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/695","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/comments?post=695"}],"version-history":[{"count":0,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/695\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/media?parent=695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/categories?post=695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/tags?post=695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}