The difference between PHP htmlentities and htmlspecialchars

Source: Internet
Author: User

Many people think that the htmlentities and htmlspecialchars functions are the same, since both format HTML code. I used to think so too, but today I found that this is not the case.

The translations performed are:

    '&' (ampersand) becomes '&amp;'
    '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
    ''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
    '<' (less than) becomes '&lt;'
    '>' (greater than) becomes '&gt;'

htmlspecialchars only translates the HTML characters listed above, whereas htmlentities translates all HTML entities, along with the Chinese characters it does not recognize.

We can take a simple example to do the comparison:
The code is as follows:

    // Source file saved as GB2312; the link text is "测试页面" ("Test page").
    $str = '<a href="test.html">测试页面</a>';
    echo htmlentities($str);
    // Displayed in the browser as: <a href="test.html">²âÊÔÒ³Ãæ</a>

    $str = '<a href="test.html">测试页面</a>';
    echo htmlspecialchars($str);
    // Displayed in the browser as: <a href="test.html">测试页面</a>

The conclusion is that when the text contains Chinese, it is best to use htmlspecialchars; otherwise the output may be garbled.

Also refer to this custom function.
The code is as follows:

    function my_excerpt($html, $len) {
        // $html should contain an HTML document.
        // This example removes the HTML tags, the JavaScript code
        // and whitespace characters. It also converts some common
        // HTML entities to the corresponding text.
        $search = array("'<script[^>]*?>.*?</script>'si", // Remove JavaScript
            "'<[\/\!]*?[^<>]*?>'si",  // Remove HTML tags
            "'([\r\n])[\s]+'",        // Remove whitespace characters
            "'&(quot|#34);'i",        // Replace HTML entities
            "'&(amp|#38);'i",
            "'&(lt|#60);'i",
            "'&(gt|#62);'i",
            "'&(nbsp|#160);'i",
            "'&(iexcl|#161);'i",
            "'&(cent|#162);'i",
            "'&(pound|#163);'i",
            "'&(copy|#169);'i");
        $replace = array("",
            "",
            "\\1",
            "\"",
            "&",
            "<",
            ">",
            " ",
            chr(161),
            chr(162),
            chr(163),
            chr(169));
        $text = preg_replace($search, $replace, $html);
        // The original used the pattern "'&#(\d+);'e" with the replacement
        // "chr(\\1)", which ran the replacement as PHP code. The /e modifier
        // was removed in PHP 7, so a callback performs the same conversion
        // without evaluating a string as code.
        $text = preg_replace_callback("'&#(\d+);'", function ($m) {
            return chr((int) $m[1]);
        }, $text);
        $text = trim($text);
        return mb_strlen($text) >= $len ? mb_substr($text, 0, $len) : '';
    }

The htmlspecialchars() and htmlentities() functions are similar in that both convert HTML code into entities; htmlspecialchars_decode() converts the encoded HTML back again.

We can take a simple example to do the comparison:
The code is as follows:

    $str = '<a href="test.html">Test</a>';
    $transstr = htmlspecialchars($str);
    echo $transstr . "<br/>";
    echo htmlspecialchars_decode($transstr);

Running the above code, you can see the difference between the two.

I have always known that the PHP htmlentities and htmlspecialchars functions convert special characters in HTML into the corresponding character entities (I do not know how to translate the term), and I have also always known that htmlentities and htmlspecialchars are different, but I had never used the two functions, so I had never looked into what the difference actually is.

Today I needed them. Too lazy to read the PHP manual in a foreign language, I figured someone must have written about this in Chinese, so I Googled the keywords "htmlentities htmlspecialchars". The answers were all the same. I am used to that by now; even schoolchildren can copy and paste. After comparison, each article contains roughly two parts:

The first part is a description from the PHP manual:

The PHP manual says of htmlspecialchars:

The translations performed are:

    '&' (ampersand) becomes '&amp;'
    '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
    ''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
    '<' (less than) becomes '&lt;'
    '>' (greater than) becomes '&gt;'

This part is understandable, but the second part of the explanation is not exactly right:

htmlspecialchars only translates the HTML characters listed above, whereas htmlentities translates all HTML entities, along with the Chinese characters it does not recognize.

We can take a simple example to do the comparison:
The code is as follows:

    <?php
    // Source file saved as GB2312; the link text is "测试页面" ("Test page").
    $str = '<a href="test.html">测试页面</a>';
    echo htmlentities($str);
    // Displayed in the browser as: <a href="test.html">²âÊÔÒ³Ãæ</a>

    $str = '<a href="test.html">测试页面</a>';
    echo htmlspecialchars($str);
    // Displayed in the browser as: <a href="test.html">测试页面</a>
    ?>

The conclusion is that when the text contains Chinese, it is best to use htmlspecialchars; otherwise the output may be garbled.

Does the htmlentities function have only one parameter? Of course not! htmlentities also has three optional parameters, namely $quote_style, $charset and $double_encode. The manual describes the $charset parameter as follows:

Defines character set used in conversion. The default character set is ISO-8859-1.

Judging from the output of the program above, $str is GB2312-encoded, and the hexadecimal bytes for the words "测试页面" ("test page") are:

B2 E2 CA D4 D2 B3 C3 E6

However, interpreted as ISO-8859-1, those bytes read:

²âÊÔÒ³Ãæ

which correspond exactly to the HTML character entities:

&sup2;&acirc;&Ecirc;&Ocirc;&Ograve;&sup3;&Atilde;&aelig;

So of course htmlentities escapes them. But as long as the correct encoding is passed as a parameter, the so-called Chinese garbling problem does not occur:

    $str = '<a href="test.html">测试页面</a>';
    echo htmlentities($str, ENT_COMPAT, 'gb2312');
    // Displayed in the browser as: <a href="test.html">测试页面</a>

Everyone repeats it, yet it is a baseless assertion.

Conclusion: The difference between htmlentities and htmlspecialchars is that htmlentities converts all HTML character entities, whereas htmlspecialchars converts only the few HTML character entities listed in the manual (that is, the basic characters that affect HTML parsing). In general, it is sufficient to use htmlspecialchars to convert the basic characters, and it is not necessary to use htmlentities. When you really do want to use htmlentities, be careful to pass the correct encoding as the third parameter.
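
The conclusion above, as an added example that is not part of the original article: it runs the article's GB2312 bytes through htmlentities with the wrong charset, then through a helper that goes one step beyond the article by converting to UTF-8 first and escaping with ENT_QUOTES | ENT_SUBSTITUTE. The helper name escape_html() and the sample strings are assumptions made for illustration; the encoding is always passed explicitly so the result does not depend on the PHP version's default.

```php
<?php
// Added example, not from the original article.
// "测试页面" as the GB2312 bytes quoted in the article, written as escapes
// so the result does not depend on how this file is saved.
$gb2312 = "\xB2\xE2\xCA\xD4\xD2\xB3\xC3\xE6";
$html   = '<a href="test.html">' . $gb2312 . '</a>';

// Wrong charset: each high byte is read as one ISO-8859-1 character and
// replaced by its named entity, which is the garbled output in the article.
$latin1 = htmlentities($html, ENT_COMPAT, 'ISO-8859-1');

// escape_html() is a hypothetical helper: convert to UTF-8 once, then escape
// both quote types and substitute U+FFFD for invalid byte sequences.
function escape_html(string $s, string $from = 'UTF-8'): string
{
    if (strcasecmp($from, 'UTF-8') !== 0) {
        $s = mb_convert_encoding($s, 'UTF-8', $from);
    }
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample containing all five characters from the manual's list.
$sample = "a & b \"double\" 'single' <tag>";

$rows = [
    'htmlentities, ISO-8859-1' => $latin1,
    'escape_html, from GB2312' => escape_html($html, 'GB2312'),
    'ENT_COMPAT'               => htmlspecialchars($sample, ENT_COMPAT, 'UTF-8'),
    'ENT_QUOTES'               => htmlspecialchars($sample, ENT_QUOTES, 'UTF-8'),
    'ENT_NOQUOTES'             => htmlspecialchars($sample, ENT_NOQUOTES, 'UTF-8'),
    // "\xB2" alone is not valid UTF-8: without ENT_SUBSTITUTE the whole
    // result is an empty string, with it only the bad byte is replaced.
    'invalid UTF-8, no flag'   => htmlspecialchars("ok\xB2", ENT_QUOTES, 'UTF-8'),
    'invalid UTF-8, helper'    => escape_html("ok\xB2"),
];

foreach ($rows as $label => $out) {
    printf("%-26s [%s]\n", $label, $out);
}
```

The ENT_COMPAT row leaves the single quotes untouched, which matters when the escaped value is placed inside a single-quoted HTML attribute.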
