<?php
$new = htmlspecialchars("<a href='test'>Test</a>", ENT_QUOTES);
echo $new;
?>
output should be
&lt;a href=&#039;test&#039;&gt;Test&lt;/a&gt;
but output is
<a href='test'>Test</a>
Difference between htmlentities() and htmlspecialchars(): the only difference between these functions is that htmlspecialchars() converts the special characters to HTML entities, whereas htmlentities() converts all applicable characters to HTML entities.
The htmlspecialchars() function converts some predefined characters to HTML entities.
Using the htmlspecialchars() function – The htmlspecialchars() function converts special characters to HTML entities. For the majority of web apps this method is sufficient, and it is one of the most popular ways to prevent XSS. This process is also known as HTML escaping.
The htmlspecialchars() function is incredibly useful in PHP, especially when you have text you intend to output. You can easily convert any special characters to their HTML entity equivalent using this function. One of the key reasons you will want to do this is to try and prevent XSS.
Don't worry. htmlspecialchars() is encoding the < and > characters properly. It is just that when you echo the encoded string to your computer screen, your browser helpfully decodes the characters again. If you view the page source you will see the encoded string.
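An added example (not code from the question or answers) that runs the question's call alongside a few variants from the PHP CLI, where the raw encoded string is printed and no browser decodes it. The `escapeHtml()` helper and the `$name`/`$text` sample values are constructed for this example.

```php
<?php
// Added example: compare the escaping functions on the question's input and
// on constructed sample values. Run with `php example.php`; the CLI prints the
// encoded string as-is, which is what "view source" shows in a browser.

// Escape a value for an HTML text node or a quoted attribute.
// ENT_QUOTES encodes both ' and ", ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string, and the charset is stated explicitly.
// This is for HTML context only; JavaScript strings, URLs and CSS need their
// own encoders.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

$input = "<a href='test'>Test</a>";

// The question's call: <, >, &, ' and " all become entities. With the default
// ENT_HTML401 document type the single quote is emitted as a numeric entity.
echo htmlspecialchars($input, ENT_QUOTES), "\n";

// ENT_COMPAT encodes only double quotes, so the single quotes survive. A value
// placed inside a single-quoted attribute could then end that attribute early,
// which is why ENT_QUOTES matters for attribute output.
echo htmlspecialchars($input, ENT_COMPAT), "\n";

// Constructed attribute value: the apostrophe is encoded (as &apos; under
// ENT_HTML5), so it cannot close the surrounding quotes.
$name = "O'Brien";
echo "<input value='", escapeHtml($name), "'>", "\n";

// htmlentities() additionally converts every character that has a named
// entity (here the accented e); htmlspecialchars() leaves it alone and only
// touches the five HTML-significant characters.
$text = "Café <b>";
echo htmlspecialchars($text, ENT_QUOTES, 'UTF-8'), "\n";
echo htmlentities($text, ENT_QUOTES, 'UTF-8'), "\n";
```

If the same script is served through a web server, the browser renders the entities back into `<a href='test'>Test</a>`; the encoding is still present in the page source.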