PHP htmlspecialchars() Function

Example

Convert the predefined characters "<" (less than) and ">" (greater than) to HTML entities:

<?php
$str = "This is some <b>bold</b> text.";
echo htmlspecialchars($str);
?>

The HTML output of the code above will be (View Source):

<!DOCTYPE html>
<html>
<body>
This is some &lt;b&gt;bold&lt;/b&gt; text.
</body>
</html>

The browser output of the code above will be:

This is some <b>bold</b> text.

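Definition and Usage

The htmlspecialchars() function converts some predefined characters to HTML entities.

The predefined characters are:

  • & (ampersand) becomes &amp;
  • " (double quote) becomes &quot;
  • ' (single quote) becomes &#039;
  • < (less than) becomes &lt;
  • > (greater than) becomes &gt;

Tip: To convert special HTML entities back to characters, use the htmlspecialchars_decode() function.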


Syntax

htmlspecialchars(string,flags,character-set,double_encode)

Parameter Values

Parameter Description
string Required. Specifies the string to convert
flags Optional. Specifies how to handle quotes, invalid encoding and the used document type.

The available quote styles are:

  • ENT_COMPAT - Default. Encodes only double quotes
  • ENT_QUOTES - Encodes double and single quotes
  • ENT_NOQUOTES - Does not encode any quotes

Invalid encoding:

  • ENT_IGNORE - Ignores invalid encoding instead of having the function return an empty string. Should be avoided, as it may have security implications.
  • ENT_SUBSTITUTE - Replaces invalid encoding for a specified character set with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD; instead of returning an empty string.
  • ENT_DISALLOWED - Replaces code points that are invalid in the specified doctype with a Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD;

Additional flags for specifying the used doctype:

  • ENT_HTML401 - Default. Handle code as HTML 4.01
  • ENT_HTML5 - Handle code as HTML 5
  • ENT_XML1 - Handle code as XML 1
  • ENT_XHTML - Handle code as XHTML
character-set Optional. A string that specifies which character-set to use.

Allowed values are:

  • UTF-8 - Default. ASCII compatible multi-byte 8-bit Unicode
  • ISO-8859-1 - Western European
  • ISO-8859-15 - Western European (adds the Euro sign + French and Finnish letters missing in ISO-8859-1)
  • cp866 - DOS-specific Cyrillic charset
  • cp1251 - Windows-specific Cyrillic charset
  • cp1252 - Windows specific charset for Western European
  • KOI8-R - Russian
  • BIG5 - Traditional Chinese, mainly used in Taiwan
  • GB2312 - Simplified Chinese, national standard character set
  • BIG5-HKSCS - Big5 with Hong Kong extensions
  • Shift_JIS - Japanese
  • EUC-JP - Japanese
  • MacRoman - Character-set that was used by Mac OS

Note: Unrecognized character-sets will be ignored and replaced by ISO-8859-1 in versions prior to PHP 5.4. As of PHP 5.4, they will be ignored and replaced by UTF-8.

double_encode Optional. A boolean value that specifies whether to encode existing html entities or not.
  • TRUE - Default. Will convert everything
  • FALSE - Will not encode existing html entities


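Technical Details

Return Value: Returns the converted string

If the string contains invalid encoding, it will return an empty string, unless either the ENT_IGNORE or ENT_SUBSTITUTE flag is set
PHP Version: 4+
Changelog: PHP 5.6 - Changed the default value for the character-set parameter to the value of the default charset (in configuration).
PHP 5.4 - Changed the default value for the character-set parameter to UTF-8.
PHP 5.4 - Added ENT_SUBSTITUTE, ENT_DISALLOWED, ENT_HTML401, ENT_HTML5, ENT_XML1 and ENT_XHTML
PHP 5.3 - Added the ENT_IGNORE constant.
PHP 5.2.3 - Added the double_encode parameter.
PHP 4.1 - Added the character-set parameter.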
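
The flag descriptions and the empty-string rule above, as an added example that is not part of the original page: it compares ENT_COMPAT with ENT_QUOTES for a value placed in a single-quoted attribute, contrasts the empty return on invalid UTF-8 with ENT_SUBSTITUTE, and prints both double_encode settings. The helper names e() and attributeNames() and all sample strings are assumptions made for the illustration, and attributeNames() needs PHP's DOM extension.

```php
<?php
// Added example, not from the original page. e() and attributeNames() are
// hypothetical helpers; every input string below is a constructed sample.

// Escape for HTML text and quoted attribute values. All flags are passed
// explicitly so the result does not depend on the PHP version's defaults.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
}

// Parse one <input> tag with ext-dom and list the attribute names it carries.
function attributeNames(string $tag): array
{
    libxml_use_internal_errors(true); // collect parser warnings instead of printing them
    $doc = new DOMDocument();
    $doc->loadHTML($tag);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// 1. Quote style: a value with a single quote inside a single-quoted attribute.
$name   = "x' data-injected='1";
$compat = "<input value='" . htmlspecialchars($name, ENT_COMPAT, 'UTF-8') . "'>";
$quotes = "<input value='" . e($name) . "'>";
echo "ENT_COMPAT attributes: ", implode(', ', attributeNames($compat)), "\n";
echo "ENT_QUOTES attributes: ", implode(', ', attributeNames($quotes)), "\n";

// 2. Invalid encoding: "\xE9" is a lone ISO-8859-1 byte, not valid UTF-8.
$bad = "caf\xE9 <b>menu</b>";
echo "Strict call returns empty string: ";
var_dump(htmlspecialchars($bad, ENT_QUOTES, 'UTF-8') === '');
echo "ENT_SUBSTITUTE: ", e($bad), "\n";

// 3. double_encode: text that already contains an entity.
$stored = "Fish &amp; Chips <hr>";
echo "double_encode=true:  ", htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', true), "\n";
echo "double_encode=false: ", htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', false), "\n";
```

An empty return on invalid encoding silently drops the whole field, so log or reject that case rather than rendering a blank; ENT_SUBSTITUTE keeps the rest of the text while still encoding the markup characters.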

More Examples

Example

Convert some predefined characters to HTML entities:

<?php
$str = "Jane & 'Tarzan'";
echo htmlspecialchars($str, ENT_COMPAT); // Will only convert double quotes
echo "<br>";
echo htmlspecialchars($str, ENT_QUOTES); // Converts double and single quotes
echo "<br>";
echo htmlspecialchars($str, ENT_NOQUOTES); // Does not convert any quotes
?>

The HTML output of the code above will be (View Source):

<!DOCTYPE html>
<html>
<body>
Jane &amp; 'Tarzan'<br>
Jane &amp; &#039;Tarzan&#039;<br>
Jane &amp; 'Tarzan'
</body>
</html>

The browser output of the code above will be:

Jane & 'Tarzan'
Jane & 'Tarzan'
Jane & 'Tarzan'

Example

Convert double quotes to HTML entities:

<?php
$str = 'I love "PHP".';
echo htmlspecialchars($str, ENT_QUOTES); // Converts double and single quotes
?>

The HTML output of the code above will be (View Source):

<!DOCTYPE html>
<html>
<body>
I love &quot;PHP&quot;.
</body>
</html>

The browser output of the code above will be:

I love "PHP".