htmlentities vs htmlspecialchars in PHP

By bhagwatchouhan

The PHP functions htmlentities and htmlspecialchars convert strings containing HTML characters to HTML entities. The most important difference between them is the set of characters each one converts. The function htmlentities converts every character that has an HTML entity equivalent. The function htmlspecialchars converts only the special characters. The remaining sections explain the syntax of both functions with examples.

htmlentities

Syntax
htmlentities( string $string, int $flags = ENT_QUOTES | ENT_SUBSTITUTE, ?string $encoding = null, bool $double_encode = true ): string

$string - The first argument; the string to convert.

$flags - An optional parameter holding a combination of flags, mainly controlling how quotes are handled. Refer to the PHP reference for the list of applicable flags.

$encoding - An optional argument specifying the character encoding used while converting the characters.

$double_encode - An optional parameter; if it is set to false, PHP won't encode HTML entities that already exist in the given string.

The function htmlentities returns the converted string.

Example
<?php

// String to convert
$str = '<a href="https://www.tutorials24x7.com">Tutorials24x7</a> is a place to find tutorials related to commonly used and <b>modern technologies</b>.';

// Convert the string and print the result
echo htmlentities( $str );
Output

The output of the above code is shown below.

&lt;a href=&quot;https://www.tutorials24x7.com&quot;&gt;Tutorials24x7&lt;/a&gt; is a place to find tutorials related to commonly used and &lt;b&gt;modern technologies&lt;/b&gt;.

htmlspecialchars

Syntax
htmlspecialchars( string $string, int $flags = ENT_QUOTES | ENT_SUBSTITUTE, ?string $encoding = null, bool $double_encode = true ): string

$string - The first argument; the string to convert.

$flags - An optional parameter holding a combination of flags, mainly controlling how quotes are handled. Refer to the PHP reference for the list of applicable flags.

$encoding - An optional argument specifying the character encoding used while converting the characters.

$double_encode - An optional parameter; if it is set to false, PHP won't encode HTML entities that already exist in the given string.

The function htmlspecialchars returns the converted string. It replaces the special characters: & (ampersand), " (double quote), ' (single quote), < (less than), and > (greater than).

Example
<?php

// String to convert
$str = '<a href="https://www.tutorials24x7.com">Tutorials24x7</a> is a place to find tutorials related to commonly used and <b>modern technologies</b>.';

// Convert the string and print the result
echo htmlspecialchars( $str );
Output

The output of the above code is shown below.

&lt;a href=&quot;https://www.tutorials24x7.com&quot;&gt;Tutorials24x7&lt;/a&gt; is a place to find tutorials related to commonly used and &lt;b&gt;modern technologies&lt;/b&gt;.
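The two examples above print identical output because their input contains only the five special characters. The following script is an added example, not part of the original tutorial: it uses a constructed string with non-ASCII text, both quote styles and an existing entity to show where the functions actually differ. The helper name rewritten and the sample string are made up for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: markup, both quote styles, non-ASCII text, an existing entity.
$input = "<a href='x' title=\"y\">Café © €5</a> &amp; more";

// Flags and encoding are passed explicitly: before PHP 8.1 the default flag
// was ENT_COMPAT, which leaves single quotes unescaped.
$flags = ENT_QUOTES | ENT_SUBSTITUTE;

// Return every distinct character of $s that $fn rewrites, mapped to its replacement.
function rewritten(callable $fn, string $s, int $flags): array
{
    $map = [];
    // Split into UTF-8 characters (not bytes) so multibyte characters stay whole.
    foreach (preg_split('//u', $s, -1, PREG_SPLIT_NO_EMPTY) as $ch) {
        $out = $fn($ch, $flags, 'UTF-8');
        if ($out !== $ch) {
            $map[$ch] = $out;
        }
    }
    return $map;
}

$special  = rewritten('htmlspecialchars', $input, $flags);
$entities = rewritten('htmlentities', $input, $flags);
$compat   = rewritten('htmlspecialchars', $input, ENT_COMPAT);

// Characters both functions escape: the ones that matter for HTML output escaping.
echo 'htmlspecialchars rewrites:    ', implode(' ', array_keys($special)), PHP_EOL;

// Characters only htmlentities touches: named entities for non-ASCII text.
echo 'htmlentities also rewrites:   ',
    implode(' ', array_keys(array_diff_key($entities, $special))), PHP_EOL;

// Characters that stay raw when ENT_COMPAT is used instead of ENT_QUOTES.
echo 'left raw under ENT_COMPAT:    ',
    implode(' ', array_keys(array_diff_key($special, $compat))), PHP_EOL;

// Default double_encode = true encodes the ampersand of the existing &amp; again;
// passing false leaves entities that are already present untouched.
echo 'double_encode = true:  ', htmlspecialchars($input, $flags, 'UTF-8'), PHP_EOL;
echo 'double_encode = false: ', htmlspecialchars($input, $flags, 'UTF-8', false), PHP_EOL;
```

Both functions escape the same markup-significant characters, so htmlentities adds no extra protection when escaping untrusted text for HTML output; it only changes how non-ASCII characters are written.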

Summary

This tutorial explained the difference between the PHP functions htmlentities and htmlspecialchars and provided the syntax and an example for each function.
