Differences between PHP htmlentities and htmlspecialchars

Source: Internet
Author: User

The translations performed are:

'&' (ampersand) becomes '&amp;'
'"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
'<' (less than) becomes '&lt;'
'>' (greater than) becomes '&gt;'

htmlspecialchars converts only the HTML characters listed above, whereas htmlentities converts all HTML characters, including the Chinese characters in the string that it cannot recognize.

We can use a simple example for comparison:

$str = '<a href="test.html">测试页面</a>';
echo htmlentities($str);
// Displayed in the browser: <a href="test.html">²âÊÔÒ³Ãæ</a>

$str = '<a href="test.html">测试页面</a>';
echo htmlspecialchars($str);
// Displayed in the browser: <a href="test.html">测试页面</a>

The conclusion is that it is best to use htmlspecialchars when the text contains Chinese characters; otherwise the output may be garbled.

For reference, here is a user-defined function:

function my_excerpt($html, $len) {
    // $html should contain an HTML document.
    // This example removes HTML tags, JavaScript code
    // and whitespace, and converts some common
    // HTML entities to the corresponding text.
    $search = array("'<script[^>]*?>.*?</script>'si", // remove JavaScript
        "'<[\/\!]*?[^<>]*?>'si",  // remove HTML tags
        "'([\r\n])[\s]+'",        // remove whitespace
        "'&(quot|#34);'i",        // replace HTML entities
        "'&(amp|#38);'i",
        "'&(lt|#60);'i",
        "'&(gt|#62);'i",
        "'&(nbsp|#160);'i",
        "'&(iexcl|#161);'i",
        "'&(cent|#162);'i",
        "'&(pound|#163);'i",
        "'&(copy|#169);'i");
    $replace = array("",
        "",
        "\\1",
        "\"",
        "&",
        "<",
        ">",
        " ",
        chr(161),
        chr(162),
        chr(163),
        chr(169));
    $text = preg_replace($search, $replace, $html);
    // Numeric entities: the original used the /e modifier ("run as PHP code"),
    // which was removed in PHP 7; a callback performs the same chr() conversion.
    $text = preg_replace_callback("'&#(\d+);'", function ($m) {
        return chr((int) $m[1]);
    }, $text);
    $text = trim($text);
    // Returns the first $len characters, or '' when the text is shorter than $len.
    // The result is decoded plain text: escape it again before output as HTML.
    return mb_strlen($text) >= $len ? mb_substr($text, 0, $len) : '';
}

The htmlspecialchars() and htmlentities() functions both convert HTML characters into entities; htmlspecialchars_decode() converts those entities back into HTML characters.

We can use a simple example for comparison:

$str = '<a href="test.html">test</a>';
$transstr = htmlspecialchars($str);
echo $transstr . "<br/>";
echo htmlspecialchars_decode($transstr);

Run the code above to see the difference between the two.

I have always known that the htmlentities and htmlspecialchars functions in PHP can convert special characters in HTML into the corresponding character entities (I don't know how to translate the term), and I have always known that htmlentities and htmlspecialchars differ; however, since I had never used these two functions, I had never studied the difference.

I needed them today. I was too lazy to read the foreign-language text in the PHP manual, and I thought someone must have written about this question in Chinese, so I googled the keywords "htmlentities htmlspecialchars". The results were all the same, and I became familiar with them: copy and paste, at elementary-school level. After comparing them, I found that the article consists of two parts:

The first part quotes the PHP manual:

In the PHP manual, the htmlspecialchars entry says:

The translations performed are:

'&' (ampersand) becomes '&amp;'
'"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
'<' (less than) becomes '&lt;'
'>' (greater than) becomes '&gt;'

This part is understandable, but the second part is not correct:

htmlspecialchars converts only the HTML characters listed above, whereas htmlentities converts all HTML characters, including the Chinese characters in the string that it cannot recognize.

We can use a simple example for comparison:

<?php
$str = '<a href="test.html">测试页面</a>';
echo htmlentities($str);
// Displayed in the browser: <a href="test.html">²âÊÔÒ³Ãæ</a>

$str = '<a href="test.html">测试页面</a>';
echo htmlspecialchars($str);
// Displayed in the browser: <a href="test.html">测试页面</a>
?>

The conclusion is that it is best to use htmlspecialchars when the text contains Chinese characters; otherwise the output may be garbled.

Does the htmlentities function have only one parameter? Of course not! htmlentities has three optional parameters: $quote_style, $charset, and $double_encode. The manual describes the $charset parameter as follows:

Defines character set used in conversion. The default character set is ISO-8859-1.

From the output of the program above, we can tell that $str is GB2312-encoded. The hexadecimal bytes of the string 测试页面 ("test page") are:

B2 E2 CA D4 D2 B3 C3 E6

But these bytes are interpreted as ISO-8859-1:

²âÊÔÒ³Ãæ

These correspond to the following HTML character entities:

&sup2;&acirc;&Ecirc;&Ocirc;&Ograve;&sup3;&Atilde;&aelig;

Of course, these characters get escaped by htmlentities, but as long as the correct encoding is passed as a parameter, the so-called Chinese garbling problem does not occur:

$str = '<a href="test.html">测试页面</a>';

echo htmlentities($str, ENT_COMPAT, 'gb2312');
// Displayed in the browser: <a href="test.html">测试页面</a>

Conclusion: the difference between htmlentities and htmlspecialchars is that htmlentities converts every character that has an HTML character entity, while htmlspecialchars converts only the few characters listed in the manual (that is, the basic characters that affect HTML parsing). Generally, using htmlspecialchars to convert the basic characters is enough, and htmlentities is not necessary. When using htmlentities, be sure to pass the correct encoding as the third parameter.
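
The charset behaviour described above, as an added example (not code from the original article): it runs the article's GB2312 bytes through both functions with a wrong and a correct charset, and goes slightly beyond the article by showing ENT_SUBSTITUTE for bytes that are invalid in the declared charset. It assumes the mbstring extension and uses mbstring's 'EUC-CN' name for GB2312; the helper name escape_cases is hypothetical.

```php
<?php
// Added example. Constructed input: the article's GB2312 bytes for 测试页面.
const GB_BYTES = "\xB2\xE2\xCA\xD4\xD2\xB3\xC3\xE6";

// escape_cases() is a hypothetical helper name, not a PHP built-in.
function escape_cases(string $html): array
{
    $out = [];

    // Wrong charset: every byte >= 0x80 is read as one Latin-1 character
    // and replaced by that character's named entity (the "garbled" result).
    $out['htmlentities latin1'] = htmlentities($html, ENT_COMPAT, 'ISO-8859-1');

    // Same wrong charset, but only & " < > are touched, so the multibyte
    // sequence passes through byte for byte and still renders as Chinese.
    $out['htmlspecialchars latin1'] = htmlspecialchars($html, ENT_COMPAT, 'ISO-8859-1');

    // Bytes that are invalid in the declared charset: without ENT_SUBSTITUTE
    // the whole result is an empty string; with it, U+FFFD is substituted.
    $out['utf8 strict'] = htmlspecialchars($html, ENT_QUOTES, 'UTF-8');
    $out['utf8 substitute'] = htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Correct handling: transcode to UTF-8 first, then escape as UTF-8.
    // 'EUC-CN' is mbstring's name for the GB2312 byte encoding.
    $utf8 = mb_convert_encoding($html, 'UTF-8', 'EUC-CN');
    $out['transcoded utf8'] = htmlspecialchars($utf8, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return $out;
}

$results = escape_cases('<a href="test.html">' . GB_BYTES . '</a>');
foreach ($results as $label => $value) {
    // Report the length and whether the original bytes survived, so raw
    // GB2312 bytes are never written to the terminal.
    $kept = strpos($value, GB_BYTES) !== false ? 'yes' : 'no';
    printf("%-24s len=%3d raw GB2312 bytes kept=%s\n", $label, strlen($value), $kept);
}
echo $results['htmlentities latin1'], "\n";
echo $results['transcoded utf8'], "\n";
```

Since PHP 5.4 the default charset of both functions is UTF-8 rather than the ISO-8859-1 quoted from the manual above, which is why the wrong-charset case is requested explicitly here.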
