Quảng cáo

Hàm htmlspecialchars() trong PHP

Hướng dẫn cách sử dụng hàm htmlspecialchars() trong lập trình PHP

Tác dụng của hàm htmlspecialchars()

The htmlspecialchars() function converts characters that have special meaning in the context of HTML to their equivalent HTML entities. The following characters are considered special:

& (ampersand) converted to &
" (double quote) converted to ", unless ENT_NOQUOTES is set.
' (single quote) converted to ' (for ENT_HTML401, this is default) or ' (for ENT_XML1, ENT_XHTML or ENT_HTML5), but only when ENT_QUOTES is set.
< (less than) converted to <
> (greater than) converted to >

This function typically reverses the effect of htmlspecialchars_decode() function.

The following table summarizes the technical details of this function.

Return Value:	Returns the converted string. If the input string contains an invalid code sequence within the given charset it will return an empty string, unless either the `ENT_IGNORE` or `ENT_SUBSTITUTE` flags are set.
Version:	PHP 4+

Syntax

The basic syntax of the htmlspecialchars() function is given with:

htmlspecialchars(string, flags, charset, double_encode);

The following example shows the htmlspecialchars() function in action.

Ví dụ

<?php
// Sample string
$str = "It's an <b>amazing</b> story.";

// Converting the string
echo htmlspecialchars($str);
?>

The output of the above example will be (view source to get an idea):

It's an <b>amazing</b> story.

However, in the browser you will see something like this:

It's an amazing story.

Note: The htmlspecialchars() is identical to htmlentities() in all ways, except that htmlspecialchars() only replaces &, <, and >, with option for single and double quotes. But htmlentities() replaces all characters which can be represented by HTML character entity.

Tip: You can use the get_html_translation_table() function to return the translation table that is used internally for the htmlspecialchars() and htmlentities() functions.

Parameters

The htmlspecialchars() function accepts the following parameters.

Parameter	Description
string	Required. Specifies the string to convert.
flags	Optional. Specifies how to handle quotes, invalid code sequences and which document type to use. You can specify one or more of the following flags. The available flags constants for handling quotes are: ENT_COMPAT – Converts double-quotes and leave single-quotes unconverted. ENT_QUOTES – Convert both double and single quotes. ENT_NOQUOTES – Leave both double and single quotes unconverted. The available flags constants for handling invalid code sequences are: ENT_IGNORE – Silently ignores invalid code sequences instead of returning an empty string. Avoid using this flag as it may have security implications. ENT_SUBSTITUTE – Replaces invalid code sequences with a Unicode Replacement Character U+FFFD (UTF-8) or instead of returning an empty string. ENT_DISALLOWED – Replaces code sequences that are invalid for the specified document type with a Unicode Replacement Character U+FFFD (UTF-8) or instead of leaving them as is. The available flags constants for specifying the document types are: ENT_HTML401 – Handle code as HTML 4.01. ENT_HTML5 – Handle code as HTML 5. ENT_XML1 – Handle code as XML 1. ENT_XHTML – Handle code as XHTML. The default value for this parameter is `ENT_COMPAT \| ENT_HTML401`.
charset	Optional. Specifies which character set to use. Supported charsets are: UTF-8 – ASCII compatible multi-byte 8-bit Unicode. ISO-8859-1 – Western European, Latin-1. ISO-8859-5 – Little used cyrillic charset (Latin/Cyrillic). ISO-8859-15 Western European, Latin-9. Adds the Euro sign, French and Finnish letters missing in Latin-1 (ISO-8859-1). cp866 – DOS-specific Cyrillic charset. cp1251 – Windows-specific Cyrillic charset. cp1252 – Windows specific charset for Western European. KOI8-R – Russian. BIG5 – Traditional Chinese, mainly used in Taiwan. GB2312 – Simplified Chinese, national standard character set. BIG5-HKSCS – Big5 with Hong Kong extensions, Traditional Chinese. Shift_JIS – Japanese. EUC-JP – Japanese. MacRoman – Charset that was used by Mac OS. If this parameter is omitted, it defaults to the value of the `default_charset` configuration option (inside php.ini file).
double_encode	Optional. A Boolean value which specifies whether to encode existing html entities or not. Possible values are `true` and `false`. Default value is `true` which convert everything.

More Examples

Here're some more examples showing how htmlspecialchars() function actually works:

The following example demonstrates the handling of single-quotes using this function.

Ví dụ

<?php
// Sample string
$str = "Let's <b>pack</b> \"bag & baggage\".";

// Convert only <, > & and double-quotes
$a = htmlspecialchars($str);
echo $a; // Let's <b>pack</b> &quot;bag & baggage&quot;.

// Convert all special characters
$b = htmlspecialchars($str, ENT_QUOTES);
echo $b; // Let's <b>pack</b> &quot;bag & baggage&quot;.

// Convert single quotes to named entity
$c = htmlspecialchars($str, ENT_QUOTES | ENT_HTML5);
echo $c; // Let&apos;s <b>pack</b> &quot;bag & baggage&quot;.
?>

However, in the browser you will always see the string Let's <b>pack</b> "bag & baggage". View source (right-click and select View Page Source) of the example output to see the converted string.

Bài viết này đã giúp ích cho bạn?

Bài viết mới

Bài trước Bài tiếp

Hàm htmlspecialchars() trong PHP

Tác dụng của hàm htmlspecialchars()

Syntax

Ví dụ

Parameters

More Examples

Ví dụ

Bài viết này đã giúp ích cho bạn?

Bài viết mới

Về chúng tôi

Liên hệ

Các công cụ