The translations performed are:
Copy Code code as follows:
' & ' (ampersand) becomes ' & '
' "' (double quote) becomes '" ' when ent_noquotes are not set.
' (single quote) becomes ' "is set.
' < ' (less than) becomes ' < '
' > ' (greater than) becomes ' > '
Htmlspecialchars only converts the above HTML code, and htmlentities transforms all the HTML code, along with its unrecognized Chinese character.
We can compare them with a simple example:
Copy Code code as follows:
$str = ' <a href= ' test.html ' > Test page </a> ';
echo htmlentities ($STR);
<a href= "test.html" >²âÊÔÒ³Ãæ</a>
$str = ' <a href= ' test.html ' > Test page </a> ';
echo Htmlspecialchars ($STR);
<a href= "test.html" > Test page </a>
The conclusion is that when there is Chinese, it is best to use htmlspecialchars, otherwise it may be garbled.
Also refer to this custom function
Copy Code code as follows:
function My_excerpt ($html, $len) {
$html should contain an HTML document.
This example removes HTML tags, javascript code
and whitespace characters. There will also be some generic
The HTML entity is converted to the appropriate text.
$search = Array ("' <script[^>]*?>.*?</script> ' si",//Remove JavaScript
"' <[\/\!] *? [^<>]*?> ' Si ',//Remove HTML tags
"' ([\ r \ n]) [\s]+ '],//remove white space characters
"' & (quot| #34); ' I ",//Replace HTML entity
"' & (amp| #38); ' I ",
"' & (lt| #60); ' I ",
"' & (gt| #62); ' I ",
"' & (nbsp| #160); ' I ",
"' & (iexcl| #161); ' I ",
"' & (cent| #162); ' I ",
"' & (pound| #163); ' I ",
"' & (copy| #169); ' I ",
"' &# (\d+); ' E "); Run as PHP code
$replace = Array ("",
"",
"\\1",
"\"",
"&",
"<",
">",
" ",
Chr (161),
Chr (162),
Chr (163),
Chr (169),
"Chr (\\1)");
$text = Preg_replace ($search, $replace, $html);
$text = Trim ($text);
Return Mb_strlen ($text) >= $len? Mb_substr ($text, 0, $len): ';
}
The Htmlspecialchar () function and the htmlentities () function are similar to converting HTML code, Htmlspecialchars_decode converting HTML encoding to converting it back.
We can compare them with a simple example:
Copy Code code as follows:
$str = ' <a href= ' test.html ' > Test </a> ';
$transstr = Htmlspecialchars ($STR);
Echo $transstr. "<br/>";
echo Htmlspecialchars_decode ($TRANSSTR) ";
Run the above code, you can see the difference between the two.
Always know that the htmlentities and Htmlspecialchars functions in PHP can convert special characters in HTML into corresponding character entity (don't know how to translate), and always know htmlentities and HTML There is a difference between the Specialchars function, but the two functions have never been used, and there has been no study of what the difference is.
Today, I do not bother to read the language in the PHP manual, I think this problem should be someone in Chinese wrote, so Google keyword "htmlentities htmlspecialchars", the answer is the same. I have been commonplace, copy and paste even elementary school students will. By contrast, each article probably contains two parts:
The first part is the instructions for referencing the PHP manual:
The PHP manual writes to Htmlspecialchars:
The translations performed are:
Copy Code code as follows:
' & ' (ampersand) becomes ' & '
' "' (double quote) becomes '" ' when ent_noquotes are not set.
"' (single quote) becomes '" was set.
' < ' (less than) becomes ' < '
' > ' (greater than) becomes ' > '
This part is understandable, but the second part of the explanation is not quite right:
Htmlspecialchars only converts the above HTML code, and htmlentities transforms all the HTML code, along with its unrecognized Chinese character.
We can compare them with a simple example:
Copy Code code as follows:
<?php
$str = ' <a href= ' test.html ' > Test page </a> ';
echo htmlentities ($STR);
<a href= "test.html" >²âÊÔÒ³Ãæ</a>
$str = ' <a href= ' test.html ' > Test page </a> ';
echo Htmlspecialchars ($STR);
<a href= "test.html" > Test page </a>
?>
The conclusion is that when there is Chinese, it is best to use htmlspecialchars, otherwise it may be garbled.
Does the Htmlentities function have only one argument? Of course not! Htmlentities also has three optional parameters, $quote _style, $charset, $double _encode, which is described in the manual for $charset parameters:
Defines character set used in conversion. The default character set is Iso-8859-1.
Judging from the output of the above program, the $STR is GB2312 encoded, and the hexadecimal value of the "test page" corresponds to the following:
B2 E2 CA D4 D2 B3 C3
However, it is interpreted as iso-8859-1 encoding:
²âêôò³ãæ
Exactly corresponds to the HTML character entity:
²âêôò³ãæ
Of course will be escaped by htmlentities, but as long as the correct encoding as a parameter, there will be no so-called Chinese garbled problem:
$str = ' <a href= ' test.html ' > Test page </a> ';
Echo htmlentities ($str, Ent_compat, ' gb2312 ');
<a href= "test.html" > Test page </a> All men say, the baseless assertion.
Conclusion: The difference between htmlentities and Htmlspecialchars is that htmlentities transforms all the HTML character entity, and Htmlspecialchars only converts a few HTML ch that are listed in the manual Aracter entity (that is, the few basic characters that affect HTML parsing). In general, using Htmlspecialchars to convert basic characters is enough, there is no need to use htmlentities. When you really want to use htmlentities, be aware of passing the correct encoding for the third parameter.