PHP 5.x, 4.x, 3.x MANUAL - partially translated into Polish / source: www.php.net


htmlspecialchars

(PHP 3, PHP 4, PHP 5)

htmlspecialchars --  Convert special characters to HTML entities

Description

string htmlspecialchars ( string string [, int quote_style [, string charset]] )

Certain characters have special significance in HTML, and should be represented by HTML entities if they are to preserve their meanings. This function returns a string with some of these conversions made; the translations made are those most useful for everyday web programming. If you require all HTML character entities to be translated, use htmlentities() instead.

This function is useful in preventing user-supplied text from containing HTML markup, such as in a message board or guest book application. The optional second argument, quote_style, tells the function what to do with single and double quote characters. The default mode, ENT_COMPAT, is the backwards compatible mode which only translates the double-quote character and leaves the single-quote untranslated. If ENT_QUOTES is set, both single and double quotes are translated and if ENT_NOQUOTES is set neither single nor double quotes are translated.

The translations performed are:

  • '&' (ampersand) becomes '&amp;'

  • '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.

  • ''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.

  • '<' (less than) becomes '&lt;'

  • '>' (greater than) becomes '&gt;'

Example 1. htmlspecialchars() example

<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new; // &lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;
?>

Note that this function does not translate anything beyond what is listed above. For full entity translation, see htmlentities(). Support for the optional second argument was added in PHP 3.0.17 and PHP 4.0.3.

The third argument charset defines character set used in conversion. The default character set is ISO-8859-1. Support for this third argument was added in PHP 4.1.0.
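
The effect of quote_style on a value written into a single-quoted attribute, as an added example that is not part of the original manual page (the sample input and the helper names render_input and attributes_seen are assumptions). quote_style and charset are passed explicitly so the result does not depend on the PHP version's defaults; the DOM extension is assumed to be available.

```php
<?php
// Added example: constructed input, hypothetical helper names.
// A value containing single quotes, as a visitor might type into a form.
$userInput = "x' title='injected";

// Escape the value with the given quote_style and place it inside a
// single-quoted attribute, as many templates do.
function render_input($value, $quoteStyle)
{
    $escaped = htmlspecialchars($value, $quoteStyle, 'UTF-8');
    return "<input type='text' value='" . $escaped . "'>";
}

// Parse the markup with an HTML parser and return the attributes that
// actually ended up on the <input> element (name => decoded value).
function attributes_seen($html)
{
    libxml_use_internal_errors(true);   // keep parser notices out of the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $input = $doc->getElementsByTagName('input')->item(0);

    $seen = array();
    foreach ($input->attributes as $attr) {
        $seen[$attr->nodeName] = $attr->nodeValue;
    }
    return $seen;
}

$styles = array('ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES);
foreach ($styles as $name => $style) {
    $html = render_input($userInput, $style);
    echo $name, ': ', $html, "\n";
    print_r(attributes_seen($html));
}
?>
```

With ENT_COMPAT the untranslated single quote ends the value attribute early and the parsed element carries an extra title attribute taken from the input; with ENT_QUOTES the element has only type and value, and value decodes back to the original string.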

The following character sets are supported in PHP 4.3.0 and later.

Table 1. Supported charsets

Charset | Aliases | Description
------- | ------- | -----------
ISO-8859-1 | ISO8859-1 | Western European, Latin-1
ISO-8859-15 | ISO8859-15 | Western European, Latin-9. Adds the Euro sign, French and Finnish letters missing in Latin-1 (ISO-8859-1).
UTF-8 |  | ASCII compatible multi-byte 8-bit Unicode.
cp866 | ibm866, 866 | DOS-specific Cyrillic charset. This charset is supported in 4.3.2.
cp1251 | Windows-1251, win-1251, 1251 | Windows-specific Cyrillic charset. This charset is supported in 4.3.2.
cp1252 | Windows-1252, 1252 | Windows specific charset for Western European.
KOI8-R | koi8-ru, koi8r | Russian. This charset is supported in 4.3.2.
BIG5 | 950 | Traditional Chinese, mainly used in Taiwan.
GB2312 | 936 | Simplified Chinese, national standard character set.
BIG5-HKSCS |  | Big5 with Hong Kong extensions, Traditional Chinese.
Shift_JIS | SJIS, 932 | Japanese
EUC-JP | EUCJP | Japanese

Note: Any other character sets are not recognized and ISO-8859-1 will be used instead.

See also get_html_translation_table(), strip_tags(), htmlentities(), and nl2br().




User Contributed Notes

mikiwoz at yahoo dot co dot uk
06-Oct-2005 11:40

I am not sure, maybe I'm missing something, but I have found something interesting:
I've been working on a project, where I had to use htmlspecialchars (for obvious reasons). I also needed to de-code the encoded string. What I have done was almost a copy and paste from php.net:
$trans=get_html_translation_table(HTML_SPECIALCHARS, ENT_QUOTES);
$trans=array_flip($trans);
$string=strtr($encoded, $trans);
(it looked a bit different in my code, but the idea is clear)
I couldn't get the apostrophe sign de-coded, and I needed it for the <A> tags. After an hour or so of debugging, I decided to print_r($trans). What I got was:
...
[&#39;] => '
...
BUT the apostrophe was encoded to $#039; -> note the zero.
I don't suppose it's a bug, but it definitely IS a potential pitfall, watch out for this one.


Luiz Miguel Axcar (lmaxcar at yahoo dot com dot br)
01-Sep-2005 03:16

Hello,

If you are getting trouble to SGDB write/read HTML data, try to use this:

<?php

//from html_entity_decode() manual page
function unhtmlentities ($string) {
   $trans_tbl = get_html_translation_table (HTML_ENTITIES);
   $trans_tbl = array_flip ($trans_tbl);
   return strtr ($string, $trans_tbl);
}

//read from db
$content = stripslashes (htmlspecialchars ($field['content']));

//write to db
$content = unhtmlentities (addslashes (trim ($_POST['content'])));

//make sure result of function get_magic_quotes_gpc () == 0, you can get strange slashes in your content adding slashes twice

//better to do this using addslashes
$content = (! get_magic_quotes_gpc ()) ? addslashes ($content) : $content;

?>


jspalletta at gmail dot com
12-Jul-2005 02:37

I have found that this regular expression is sufficient for making sure that existing character entities show after htmlspecialchars() replaces _all_ occurrences of & with the &amp; entity.

<?php
// Note: hsc is an abbreviation of htmlspecialchars
function hscFixed($str)
{
   return preg_replace("/&amp;(#[0-9]+|[a-z]+);/i", "&$1;", htmlspecialchars($str));
}
?>

The only flaw I can think of is if you have text of the vein; "&[word];", that is not meant to be a character but rather uses the ampersand and semicolon in their traditional grammatical denotations.  However I think this is highly unlikely to occur (among other reasons, the fact that anyone with enough grammatical inclination to use them as such probably won't leave out the space between the ampersand and the word).


25-Jun-2005 05:44

You can't use htmlspecialchars to create RSS feeds, since it expands ampersands. You need to use something like this:
$content = preg_replace(array('/</', '/>/', '/"/'), array('&lt;', '&gt;', '&quot;'), $content);


palrich at gmail dot com
16-May-2005 10:29

To Alexander Nofftz and urbanheroes:
It's not an IE problem.  There is no &apos; in HTML.  So it's only a problem if someone else does render this as an apostrophe on an HTML page.


paul dot l at aon dot at
09-May-2005 06:50

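function reverse_htmlentities($mixed)
{
   // table maps character => entity
   $htmltable = get_html_translation_table(HTML_ENTITIES);
   foreach($htmltable as $key => $value)
   {
       // ereg_replace() was removed in PHP 7; the entities are literal
       // strings, so a plain str_replace() performs the same substitution
       $mixed = str_replace($value,$key,$mixed);
   }
   return $mixed;
}

This is my version of a reversed htmlentities function.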


thisiswherejunkgoes at gmail dot com
06-May-2005 07:06

If there're any n00bs out there looking for a way to ensure that no html/special chars are getting sent to their databases/put through forms/etc., this has been doing the trick for me (though being at least slightly n00bish, if this won't always work perhaps someone will amend :-)

function checkforchars ($foo) {

  if ($foo === htmlspecialchars($foo)) {
       return "Valid entry.";
  } else {
       return "Invalid entry.";
  }

}


urbanheroes {at} gmail {dot} com
30-Apr-2005 08:32

In response to the note made by Alexander Nofftz on October 2004, &#39; is used instead of &apos; because IE unfortunately seems to have trouble with the latter.


gt at realvertex.com
28-Apr-2005 06:55

Here is the recursive version that works for both arrays and strings. Doesn't look as elegant as the other recursive versions, because of the input checks.

function HTML_ESC($_input = null, $_esc_keys = false)
{
   if ((null != $_input) && (is_array($_input)))
   {
       foreach($_input as $key => $value)
       {
           if($_esc_keys)
           {
               $_return[htmlspecialchars($key)] = HTML_ESC($value,$_esc_keys);
           }
           else
           {
               $_return[$key] = HTML_ESC($value);
           }
       }
       return $_return;
   }
   elseif(null != $_input)
   {
       return htmlspecialchars($_input);
   }
   else
   {
       return null;
   }
}


took
23-Apr-2005 06:14

The Algo from donwilson at gmail dot com to reverse the action of htmlspecialchars(), edited for Germany:

function unhtmlspecialchars( $string )
{
  $string = str_replace ( '&amp;', '&', $string );
  $string = str_replace ( '&#039;', '\'', $string );
  $string = str_replace ( '&quot;', '"', $string );
  $string = str_replace ( '&lt;', '<', $string );
  $string = str_replace ( '&gt;', '>', $string );
  $string = str_replace ( '&uuml;', '

 

 