htmlspecialchars — Convert special characters to HTML entities.
Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings.
For example, < will be represented by its entity as &lt;. When we enter < into the textbox, htmlspecialchars will convert it to &lt;, which is safe for the web server.
This is done for security reasons, as certain combinations of those characters could be exploited, causing the web server to be compromised.
<?php
$new = htmlspecialchars("<a href='test'>Test</a>");
echo $new; // &lt;a href='test'&gt;Test&lt;/a&gt;
// From PHP 8.1 the default flags include ENT_QUOTES, so ' is also output as &#039;
?>
The translations/conversions performed are:
- '&' (ampersand) becomes '&amp;'
- '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
- "'" (single quote) becomes '&#039;' (or &apos;) only when ENT_QUOTES is set.
- '<' (less than) becomes '&lt;'
- '>' (greater than) becomes '&gt;'
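
The quote rules in the list above decide whether an escaped value can safely sit inside a quoted attribute. The following is an added example, not code from the original page: it runs one constructed sample string through the three quote flags and reports which special characters are left unconverted. The names `$input`, `survivingChars()` and `e()` are chosen for this example.

```php
<?php
// Constructed sample value containing all five special characters.
$input = "Tom & 'Jerry' <\"quoted\">";

// Flags are passed explicitly so the result does not depend on the
// PHP version's default (ENT_COMPAT before 8.1, ENT_QUOTES from 8.1).
$modes = [
    'ENT_NOQUOTES' => ENT_NOQUOTES, // neither quote type is converted
    'ENT_COMPAT'   => ENT_COMPAT,   // only double quotes are converted
    'ENT_QUOTES'   => ENT_QUOTES,   // both quote types are converted
];

// Hypothetical helper: which of < > " ' are still present unconverted.
// '&' is skipped because every entity legitimately starts with it.
function survivingChars(string $escaped): array
{
    $left = [];
    foreach (['<', '>', '"', "'"] as $char) {
        if (strpos($escaped, $char) !== false) {
            $left[] = $char;
        }
    }
    return $left;
}

foreach ($modes as $name => $flags) {
    $escaped = htmlspecialchars($input, $flags | ENT_HTML401, 'UTF-8');
    $left    = survivingChars($escaped);
    printf(
        "%-12s %s\n             unconverted: %s\n",
        $name,
        $escaped,
        $left ? implode(' ', $left) : '(none)'
    );
}

// Hypothetical wrapper for output that may land in either kind of
// quoted attribute: ENT_QUOTES converts both quote characters, and
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
}

// The value cannot close the single-quoted attribute it is placed in.
echo "<input type='text' value='" . e($input) . "'>\n";
```

A value escaped with ENT_COMPAT or ENT_NOQUOTES still carries a raw single quote, so it is only suitable for element content or double-quoted attributes (element content only, in the ENT_NOQUOTES case).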