htmlspecialchars
(PHP 4, PHP 5)
htmlspecialchars — Convert special characters to HTML entities
说明
string htmlspecialchars
( string $string
[, int $flags
= ENT_COMPAT | ENT_HTML401
[, string $encoding
= ini_get("default_charset")
[, bool $double_encode
= true
]]] )
Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings. This function returns a string with these conversions made. If you require all input substrings that have associated named entities to be translated, use htmlentities() instead.
If the input string passed to this function and the final document share the same character set, this function is sufficient to prepare input for inclusion in most contexts of an HTML document. If, however, the input can represent characters that are not coded in the final document character set and you wish to retain those characters (as numeric or named entities), both this function and htmlentities() (which only encodes substrings that have named entity equivalents) may be insufficient. You may have to use mb_encode_numericentity() instead.
The translations performed are:
'&' (ampersand) becomes '&'
'"' (double quote) becomes '"' when ENT_NOQUOTES
is not set.
"'" (single quote) becomes ''' (or ')
only when ENT_QUOTES
is set.
'<' (less than) becomes '<'
'>' (greater than) becomes '>'
参数
string
The string being converted.
flags
A bitmask of one or more of the following flags, which specify how to handle quotes,
invalid code unit sequences and the used document type. The default is
ENT_COMPAT | ENT_HTML401.
Available flags
constants
Constant Name
Description
ENT_COMPAT
Will convert double-quotes and leave single-quotes alone.
ENT_QUOTES
Will convert both double and single quotes.
ENT_NOQUOTES
Will leave both double and single quotes unconverted.
ENT_IGNORE
Silently discard invalid code unit sequences instead of returning
an empty string. Using this flag is discouraged as it
» may have security implications.
ENT_SUBSTITUTE
Replace invalid code unit sequences with a Unicode Replacement Character
U+FFFD (UTF-8) or &#FFFD; (otherwise) instead of returning an empty string.
ENT_DISALLOWED
Replace invalid code points for the given document type with a
Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD;
(otherwise) instead of leaving them as is. This may be useful, for
instance, to ensure the well-formedness of XML documents with
embedded external content.
ENT_HTML401
Handle code as HTML 4.01.
ENT_XML1
Handle code as XML 1.
ENT_XHTML
Handle code as XHTML.
ENT_HTML5
Handle code as HTML 5.
encoding
An optional argument defining the encoding used when converting characters.
If omitted, the default value of the encoding
varies
depending on the PHP version in use. In PHP 5.6 and later, the
default_charset configuration
option is used as the default value. PHP 5.4 and 5.5 will use
UTF-8 as the default. Earlier versions of PHP use
ISO-8859-1.
Although this argument is technically optional, you are highly encouraged to specify the correct value for your code if you are using PHP 5.5 or earlier, or if your default_charset configuration option may be set incorrectly for the given input.
For the purposes of this function, the encodings
ISO-8859-1, ISO-8859-15,
UTF-8, cp866,
cp1251, cp1252, and
KOI8-R are effectively equivalent, provided the
string
itself is valid for the encoding, as
the characters affected by htmlspecialchars() occupy
the same positions in all of these encodings.
支持以下字符集: 支持的字符集列表 字符集 别名 描述 ISO-8859-1 ISO8859-1 西欧,Latin-1 ISO-8859-5 ISO8859-5 Little used cyrillic charset (Latin/Cyrillic). ISO-8859-15 ISO8859-15 西欧,Latin-9。增加欧元符号,法语和芬兰语字母在 Latin-1(ISO-8859-1) 中缺失。 UTF-8 ASCII 兼容的多字节 8 位 Unicode。 cp866 ibm866, 866 DOS 特有的西里尔编码。本字符集在 4.3.2 版本中得到支持。 cp1251 Windows-1251, win-1251, 1251 Windows 特有的西里尔编码。本字符集在 4.3.2 版本中得到支持。 cp1252 Windows-1252, 1252 Windows 特有的西欧编码。 KOI8-R koi8-ru, koi8r 俄语。本字符集在 4.3.2 版本中得到支持。 BIG5 950 繁体中文,主要用于中国台湾省。 GB2312 936 简体中文,中国国家标准字符集。 BIG5-HKSCS 繁体中文,附带香港扩展的 Big5 字符集。 Shift_JIS SJIS, 932 日语 EUC-JP EUCJP 日语 MacRoman Mac OS 使用的字符串。 '' An empty string activates detection from script encoding (Zend multibyte), default_charset and current locale (see nl_langinfo() and setlocale()), in this order. Not recommended.
Note: 其他字符集没有认可。将会使用默认编码并抛出异常。
double_encode
When double_encode
is turned off PHP will not
encode existing html entities, the default is to convert everything.
返回值
The converted string.
If the input string
contains an invalid code unit
sequence within the given encoding
an empty string
will be returned, unless either the ENT_IGNORE
or
ENT_SUBSTITUTE
flags are set.
更新日志
版本
说明
5.6.0
The default value for the encoding
parameter was
changed to be the value of the
default_charset configuration
option.
5.4.0
The default value for the encoding
parameter was
changed to UTF-8.
5.4.0
The constants ENT_SUBSTITUTE
, ENT_DISALLOWED
,
ENT_HTML401
, ENT_XML1
,
ENT_XHTML
and ENT_HTML5
were added.
5.3.0
The constant ENT_IGNORE
was added.
5.2.3
The double_encode
parameter was added.
范例
Example #1 htmlspecialchars() example
<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // <a href='test'>Test</a>
?>
注释
Note:
Note that this function does not translate anything beyond what is listed above. For full entity translation, see htmlentities().
参见
get_html_translation_table() - 返回使用 htmlspecialchars 和 htmlentities 后的转换表 htmlspecialchars_decode() - 将特殊的 HTML 实体转换回普通字符 strip_tags() - 从字符串中去除 HTML 和 PHP 标记 htmlentities() - Convert all applicable characters to HTML entities nl2br() - 在字符串所有新行之前插入 HTML 换行标记