htmlspecialchars
Converts the five characters that have special meaning in HTML (&, <, >, " and ') to their HTML entities, so that untrusted data can be placed in HTML text or quoted attribute values without being parsed as markup. It is the basic output-encoding defence against cross-site scripting (XSS) for those two contexts only.
Parameters
- string: The string being converted.
- flags: A bitmask of ENT_* constants. Since 8.1.0 the default is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401; before that it was ENT_COMPAT | ENT_HTML401, which leaves single quotes unconverted.
- encoding: The character encoding of the input. If null (the default), the value of the default_charset configuration option is used.
- double_encode: When false, entities already present in the input are not encoded again. Defaults to true.
Return Values
string
Returns the converted string.
On success: the input with the special characters replaced by their entities.
On failure: if the input contains a code unit sequence that is invalid for the given encoding, an empty string is returned unless either ENT_IGNORE or ENT_SUBSTITUTE is set. ENT_SUBSTITUTE (part of the default flags since 8.1.0) replaces the invalid sequence with U+FFFD; ENT_IGNORE drops it silently, which the PHP manual discourages because removing bytes can change how the rest of the output is parsed.
Notes
- Essential for preventing cross-site scripting (XSS) when untrusted data is written into HTML text content or into quoted attribute values.
- Converts exactly five characters: & to &amp;, < to &lt;, > to &gt;, " to &quot; (unless ENT_NOQUOTES is set) and ' to &#039; (or &apos; with ENT_HTML5, ENT_XHTML or ENT_XML1), the last only when ENT_QUOTES is set.
- Pass ENT_QUOTES explicitly (it is the default only from 8.1.0) so that single-quoted attributes are covered as well as double-quoted ones.
- Always pass the encoding parameter, and make it the encoding the page is actually served in; relying on default_charset, or escaping in one encoding and serving in another, can leave byte sequences that the browser interprets differently from PHP.
- Keep double_encode at its default of true unless the input is known to be already encoded; with false, an attacker-supplied string such as "&lt;" passes through unchanged.
- The function does not make data safe in unquoted attributes, in href or src URLs (a javascript: URL contains none of the five characters), inside <script> or <style> blocks, or in event-handler attributes. Those contexts need their own validation or encoding.
- Escape at output time rather than at storage time, so the same stored value can be encoded correctly for whichever context it is rendered into.
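The following worked example is added here and is not code from the original page or from the PHP manual. It shows the attribute break-out that the function prevents, the difference the flags make (ENT_QUOTES, ENT_SUBSTITUTE, double_encode), and two contexts where entity encoding alone is not enough. The helpers e(), safeHref() and jsLiteral(), and the payload strings, are this example's own constructions.

```php
<?php
declare(strict_types=1);

// Added example; not code from the original page or the PHP manual.
// e(), safeHref(), jsLiteral() and the payload strings are this example's own.

// Escaper for HTML text content and quoted attribute values. Flags and
// encoding are passed explicitly so the result does not depend on the PHP
// version (defaults changed in 8.1.0) or on the default_charset ini value.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
}

// URL values need validation, not just entity encoding: a javascript: URL
// contains none of the five characters htmlspecialchars converts. Allow-list
// absolute http(s) URLs and site-relative paths, then escape for the attribute.
function safeHref(string $url): string
{
    $u = trim($url);
    $ok = preg_match('#^https?://#i', $u) === 1
        || (str_starts_with($u, '/') && !str_starts_with($u, '//'));
    return e($ok ? $u : '#');
}

// Data placed inside a <script> block is a JavaScript context: the HTML
// parser does not decode entities there, so encode it as a JSON string
// literal with the hex flags instead of calling htmlspecialchars.
function jsLiteral(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed attacker payloads.
$breakDouble = '" onmouseover="alert(1)" x="';
$breakSingle = "' onmouseover='alert(1)' x='";
$invalidUtf8 = "caf\xE9";   // a lone 0xE9 byte is not valid UTF-8

// 1. Unescaped: the payload closes the attribute and injects an event handler.
echo '<input value="', $breakDouble, '">', "\n";

// 2. Escaped: every " becomes &quot;, so the payload stays inside the value.
echo '<input value="', e($breakDouble), '">', "\n";
assert(e($breakDouble) === '&quot; onmouseover=&quot;alert(1)&quot; x=&quot;');

// 3. ENT_COMPAT (the default before 8.1.0) leaves ' untouched, so a
//    single-quoted attribute is still injectable; ENT_QUOTES closes that gap.
assert(htmlspecialchars($breakSingle, ENT_COMPAT, 'UTF-8') === $breakSingle);
assert(e($breakSingle) === '&#039; onmouseover=&#039;alert(1)&#039; x=&#039;');
echo "<input value='", e($breakSingle), "'>", "\n";

// 4. Invalid byte sequences: without ENT_SUBSTITUTE (or ENT_IGNORE) the whole
//    result is "", which silently blanks the field; with ENT_SUBSTITUTE the
//    bad byte becomes U+FFFD and the rest of the string survives.
assert(htmlspecialchars($invalidUtf8, ENT_QUOTES, 'UTF-8') === '');
assert(e($invalidUtf8) === "caf\u{FFFD}");

// 5. double_encode=false lets pre-existing entities through unchanged, so the
//    output no longer reflects the input literally.
assert(htmlspecialchars('&lt;b&gt;', ENT_QUOTES, 'UTF-8') === '&amp;lt;b&amp;gt;');
assert(htmlspecialchars('&lt;b&gt;', ENT_QUOTES, 'UTF-8', false) === '&lt;b&gt;');

// 6. Contexts htmlspecialchars does not cover: a javascript: URL passes
//    through e() untouched, so the href must be validated first, and data
//    inside <script> must be encoded as a JavaScript literal.
$href = 'javascript:alert(1)';
assert(e($href) === $href);
echo '<a href="', safeHref($href), '">x</a>', "\n";                          // replaced by "#"
echo '<a href="', safeHref('https://example.com/?a=1&b=2'), '">x</a>', "\n"; // kept, & encoded
echo '<script>var name = ', jsLiteral('</script><svg onload=alert(1)>'), ';</script>', "\n";
```

Run it with `php example.php` on PHP 8.0 or later (str_starts_with) and inspect the printed markup: only the first line contains a live onmouseover handler. The assert() calls document the exact return values and are active under the CLI's default zend.assertions setting.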
Changelog
- 8.1.0: Default flags changed from ENT_COMPAT | ENT_HTML401 to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401
- 8.0.0: encoding is now nullable
Related Functions
- filter_var (Validation): Filters a variable with a specified filter, used for validating and sanitizing data. Tags: validate, sanitize, security
- strlen (String): Returns the length of a string in bytes. Tags: length, validation, security
- str_replace (String): Replaces all occurrences of the search string with the replacement string. Tags: replace, sanitize, clean
- trim (String): Returns a string with whitespace (or other characters) stripped from the beginning and end of the string. Tags: clean, whitespace, sanitize
- password_hash (Security): Creates a password hash using a strong one-way hashing algorithm for secure password storage. Tags: security, password, hash