Difference between htmlspecialchars and htmlentities

Difference between htmlspecialchars and htmlentities

The htmlentities () function converts characters to HTML objects.

The htmlspecialchars () function converts some predefined characters into HTML objects.

The predefined characters are:

& (And number) becomes & amp;
"(Double quotation marks) into & quot;
'(Single quotes) becomes & #039;
<(Less than) to become <;
> (Greater than) to become & gt;

The translations saved Med are:

'&' (Ampersand) becomes '& amp ;'
'"' (Double quote) becomes '& quot; 'When ENT_NOQUOTES is not set.
''' (Single quote) becomes '& #039;' only when ENT_QUOTES is set.
'<' (Less than) becomes '& lt ;'
'>' (Greater than) becomes '& gt ;'
Htmlspecialchars only converts the above html code, while htmlentities converts all html code, along with the unidentifiable Chinese characters in it.

Example
<Html>
<Body>
<? Php Tutorial
$ Str = "John & 'Adams '";
Echo htmlentities ($ str, ENT_COMPAT );
Echo "<br/> ";
Echo htmlentities ($ str, ENT_QUOTES );
Echo "<br/> ";
Echo htmlentities ($ str, ENT_NOQUOTES );
?>
</Body>
</Html> browser output:

John & 'Adams'
John & 'Adams'
John & 'Adams' if you view the source code in a browser, you will see the following HTML:

<Html>
<Body>
John & amp; 'Adams' <br/>
John & amp; & #039; Adams & #039; <br/>
John & amp; 'Adams'
</Body>
</Html>

We can use a simple example for comparison:

$ Str = '<a href = "test.html"> test page </a> ';
Echo htmlentities ($ str );
// & Lt; a href=&quot;test.html & quot; & gt; & sup2; & acirc; & Ecirc; & Ocirc; & Ograve; & sup3; & Atilde; & aelig; & lt; /a & gt;
 
$ Str = '<a href = "test.html"> test page </a> ';
Echo htmlspecialchars ($ str );
// & Lt; a href?&quot=test.html & quot; & gt; test page & lt;/a & gt;
The conclusion is that it is best to use htmlspecialchars when there is a Chinese character, otherwise it may be garbled

<Html>
<Body>
<? Php
$ Str = "John & 'Adams '";
Echo htmlspecialchars ($ str, ENT_COMPAT );
Echo "<br/> ";
Echo htmlspecialchars ($ str, ENT_QUOTES );
Echo "<br/> ";
Echo htmlspecialchars ($ str, ENT_NOQUOTES );
?>
</Body>
</Html> browser output:

John www.111cn.net & 'Adams'
John & 'Adams'
John & 'Adams' if you view the source code in a browser, you will see the following HTML:

<Html>
<Body>
John www.111cn.net & amp; 'Adams' <br/>
John & amp; & #039; Adams & #039; <br/>
John & amp; 'Adams'
</Body>
</Html>

For more information, see this UDF.

Function my_excerpt ($ html, $ len ){
// $ Html should contain an HTML document.
// In this example, the HTML tag and webpage special effect code will be removed.
// And blank characters. Some common
// Convert the HTML object to the corresponding text.
$ Search = array ("'<script [^>] *?>. *? </Script> 'Si ", // remove javascript
"'<[/!] *? [^ <>] *?> 'Si ", // remove the HTML tag
"'([Rn]) [s] +'", // remove the white space
"'& (Quot | #34);' I", // replaces the HTML object
"'& (Amp | #38);' I ",
"'& (Lt | #60);' I ",
"'& (Gt | #62);' I ",
"'& (Nbsp | #160);' I ",
"'& (Iexcl | #161);' I ",
"'& (Cent | #162);' I ",
"'& (Pound | #163);' I ",
"'& (Copy | #169);' I ",
"'& # (D +); 'e"); // run as PHP code
$ Replace = array ("",
"",
"1 ",
""",
"&",
"<",
"> ",
"",
Chr (1, 161 ),
Chr (1, 162 ),
Chr (1, 163 ),
Chr (1, 169 ),
"Chr (1 )");
$ Text = preg_replace ($ search, $ replace, $ html );
$ Text = trim ($ text );
Return mb_strlen ($ text) >=$ len? Mb_substr ($ text, 0, $ len ):'';
}