PHP htmlspecialchars

The PHP htmlspecialchars function converts specific symbols into HTML entities, which solves the data display problems that HTML special characters occasionally cause. The single quotation mark ('), double quotation mark ("), greater-than sign (>), less-than sign (<) and ampersand (&) are converted into HTML entities that can only be used for display. Why is such a conversion needed? Mostly for safety: when these special symbols are entered in a URL or a search box, they can very well trigger a server-side PHP script that queries the MySQL database, and using htmlspecialchars to convert the data into safer symbols before it is accessed avoids the unexpected results of unwanted data access.


PHP htmlspecialchars basic syntax

string htmlspecialchars( $string , $quote_flags , $encoding , $double_encode )

Parameters
$string: Required. The string to be converted.
$quote_flags: Optional. Sets how quotation marks are converted. The following three are the common settings.
  • ENT_COMPAT - default value; double quotation marks are converted, single quotation marks are not.
  • ENT_QUOTES - both double and single quotation marks are converted.
  • ENT_NOQUOTES - neither single nor double quotation marks are converted.
$encoding: Optional. Sets the encoding used for the conversion. The default encoding for versions before PHP 5.4.0 is ISO-8859-1; from PHP 5.4.0 on, the default is UTF-8 (Unicode).
$double_encode: Optional. When this is turned off, htmlspecialchars does not convert HTML entities that already exist in the string; the default is to convert everything.

PHP htmlspecialchars conversion result
  • The ampersand (&) is converted to &amp;
  • The double quotation mark (") is converted to &quot;, provided that the quotation mark parameter is not set to ENT_NOQUOTES.
  • The single quotation mark (') is converted to &#039;, but only when the quotation mark parameter is set to ENT_QUOTES.
  • The greater-than sign (>) is converted to &gt;
  • The less-than sign (<) is converted to &lt;
PHP htmlspecialchars example
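<?php
// Note: inside a double-quoted PHP string, \' is not an escape sequence,
// so the backslash is kept and appears in the output; \" yields a plain ".

// ENT_COMPAT: only the double quotation mark is converted.
$string_1 = htmlspecialchars("This is a test\'This is a test\"", ENT_COMPAT);
echo $string_1.'<br>';
// ENT_QUOTES: both single and double quotation marks are converted.
$string_2 = htmlspecialchars("This is a test\'This is a test\" ", ENT_QUOTES);
echo $string_2.'<br>';
// ENT_NOQUOTES: no quotation marks are converted.
$string_3 = htmlspecialchars("This is a test\'This is a test\"", ENT_NOQUOTES);
echo $string_3.'<br>';
?>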
The above code outputs the following:
This is a test\'This is a test"
This is a test\'This is a test"
This is a test\'This is a test"
When you open the source code of the web page, you can see the actual conversion results.

The <br> in the source code represents an HTML line break. $string_1 is output first: since the quotation mark parameter is set to ENT_COMPAT, only double quotation marks are converted. Next, $string_2 is output with the quotation mark parameter set to ENT_QUOTES, so both single and double quotation marks are converted. Finally, $string_3 is output with the quotation mark parameter set to ENT_NOQUOTES, which means that no quotation marks are converted. If the quotation mark parameter is not set, the output is the same as with the default value ENT_COMPAT.
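The following example is added here and is not from the original page. It runs one constructed input through each quote flag and through $double_encode set to false, and prints the literal entities from the command line, where no browser renders them back into the original characters. The flag is passed explicitly because the default became ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 in PHP 8.1; the function name encode_report and the sample string are assumptions made for illustration.

```php
<?php
// Added example: compare the three quote flags and the double_encode switch
// on one constructed input, printing the literal entity source.

// Constructed sample input: both quote types, a tag, and an existing entity.
$input = "Tom's <b>\"quote\"</b> &amp; more";

$flags = [
    'ENT_COMPAT'   => ENT_COMPAT,
    'ENT_QUOTES'   => ENT_QUOTES,
    'ENT_NOQUOTES' => ENT_NOQUOTES,
];

/**
 * Encode $value and report which raw quote characters survive.
 * A surviving quote can end an attribute delimited by that quote early.
 * (encode_report is a hypothetical helper name, not part of PHP.)
 */
function encode_report(string $value, int $flag, bool $doubleEncode = true): array
{
    $encoded = htmlspecialchars($value, $flag, 'UTF-8', $doubleEncode);
    return [
        'encoded'          => $encoded,
        'raw_single_quote' => strpos($encoded, "'") !== false,
        'raw_double_quote' => strpos($encoded, '"') !== false,
    ];
}

foreach ($flags as $name => $flag) {
    $r = encode_report($input, $flag);
    printf(
        "%-12s %s\n             raw ' left: %s, raw \" left: %s\n",
        $name,
        $r['encoded'],
        $r['raw_single_quote'] ? 'yes' : 'no',
        $r['raw_double_quote'] ? 'yes' : 'no'
    );
}

// double_encode = false keeps the existing &amp; instead of producing &amp;amp;
$keep = encode_report($input, ENT_QUOTES, false);
echo "no double-encode: ", $keep['encoded'], "\n";
```

Only the ENT_QUOTES row reports no raw quote of either kind, which is why it is the setting to use when the encoded value is placed inside an HTML attribute.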
