What is the difference between htmlspecialchars() and htmlentities()?

10

I once had to use htmlentities() to solve a certain coding situation (words with accents did not show the right characters) and I saw that there was also this htmlspecialchars().

On php.net, I saw the following definitions:

  

htmlentities -> Converts all applicable characters into HTML entities

htmlspecialchars -> Converts special characters to HTML reality

This led me to understand that there is no difference between the two. But I believe I may be wrong, because the use of one function's parameters may differ from the other.

Are they the same thing? If not, in which cases should one or the other be used?

    
asked by anonymous 18.01.2016 / 16:57

2 answers

11

It is not only about <, > and &; htmlentities is much more than that

htmlspecialchars

  

Description

string htmlspecialchars ( string $string [, int $flags = ENT_COMPAT | ENT_HTML401 [, string $encoding = ini_get("default_charset") [, bool $double_encode = true ]]] )

Will convert characters to entities that affect HTML, with the following conversions:

  • & will become &amp;
  • > will become &lt;
  • < will become &gt;
  • " will become &quot; (except when ENT_NOQUOTES is set in $flags)
  • ' will become &amp; , convert to &#039; when $flags has ENT_HTML401 or &apos; when ENT_XML1, ENT_XHTML or ENT_HTML5, but only when $flags is set with ENT_QUOTES

htmlentities

  

Description

string htmlentities ( string $string [, int $flags = ENT_COMPAT | ENT_HTML401 [, string $encoding = ini_get("default_charset") [, bool $double_encode = true ]]] )

By default the behavior is identical to htmlspecialchars for &, >, <, " and ' specifically, i.e. nothing changes. Where htmlentities differs is that, in addition to the characters mentioned, it will convert all characters that have a representation as HTML entities. Lists of (probably complete) characters follow:

A simple example of the difference is accented characters:

<?php

echo htmlspecialchars('<foo><bar>Olá Mundo!</bar></foo>'), "\n";

echo htmlentities('<foo><bar>Olá Mundo!</bar></foo>'), "\n";

The result will be this:

 &lt;foo&gt;&lt;bar&gt;Olá Mundo!&lt;/bar&gt;&lt;/foo&gt;
 &lt;foo&gt;&lt;bar&gt;Ol&aacute; Mundo!&lt;/bar&gt;&lt;/foo&gt;

Example on IDEONE

Note also that the behavior of both functions can be adjusted by the flags:

  • ENT_COMPAT, ENT_QUOTES, ENT_NOQUOTES, ENT_SUBSTITUTE, ENT_DISALLOWED, ENT_HTML401, ENT_XML1, ENT_XHTML, ENT_HTML5

That is to say, it should be emphasized that what differs between the two functions is not the characters mentioned in the other answer:

  

They do the same thing with the exception of a few characters "< > &"

Behaviors

Other behaviors may vary depending on the < > & I've already mentioned, and can also change with the use of $flags and $encoding; however, these are specific settings to use as needed.

    
05.11.2017 / 20:09
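
An added example (not part of either answer): it runs both functions on one constructed string with flags and charset passed explicitly, then asks PHP for each function's translation table, which is where the complete character lists come from. The sample strings and the helper name leavesRawApostrophe are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: an accent (U+00E1), markup characters, both quote types.
$input = "Ol\u{E1} <b>O'Neil & \"Co\"</b>";

// Flags and charset are explicit, so the result does not depend on the PHP
// version or on the default_charset ini setting.
$cases = [
    'htmlspecialchars + ENT_COMPAT' => htmlspecialchars($input, ENT_COMPAT | ENT_HTML401, 'UTF-8'),
    'htmlspecialchars + ENT_QUOTES' => htmlspecialchars($input, ENT_QUOTES | ENT_HTML401, 'UTF-8'),
    'htmlspecialchars + ENT_HTML5'  => htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8'),
    'htmlentities + ENT_QUOTES'     => htmlentities($input, ENT_QUOTES | ENT_HTML401, 'UTF-8'),
];
foreach ($cases as $label => $out) {
    printf("%-30s %s\n", $label, $out);
}

// The complete character lists, taken from PHP itself.
$flags    = ENT_QUOTES | ENT_HTML401;
$special  = get_html_translation_table(HTML_SPECIALCHARS, $flags, 'UTF-8');
$entities = get_html_translation_table(HTML_ENTITIES, $flags, 'UTF-8');
printf("htmlspecialchars rewrites %d characters, htmlentities %d\n",
    count($special), count($entities));
$onlyEntities = array_diff_key($entities, $special);
echo 'Rewritten only by htmlentities, first 10: ',
    implode(' ', array_slice($onlyEntities, 0, 10)), "\n";

// Inside a single-quoted attribute the value is only contained when the
// apostrophe is escaped too; ENT_COMPAT leaves it as a raw character.
function leavesRawApostrophe(string $escaped): bool
{
    return strpos($escaped, "'") !== false;
}
foreach ($cases as $label => $out) {
    printf("%-30s raw apostrophe left: %s\n", $label, leavesRawApostrophe($out) ? 'yes' : 'no');
}

// Constructed invalid UTF-8 (a lone ISO-8859-1 byte): without ENT_SUBSTITUTE
// or ENT_IGNORE the whole result is an empty string, not a partial escape.
$bad = "caf\xE9 <i>";
var_dump(htmlspecialchars($bad, ENT_QUOTES, 'UTF-8'));
var_dump(htmlspecialchars($bad, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
```

Since PHP 8.1 the default for $flags is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, so the signatures quoted in the answer describe earlier versions; passing the flags explicitly keeps the output the same on both.
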
5

They do the same thing with the exception of a few characters "< > &"

CASE 1:

$html = "onclick='location:/?page=1&cat=3'";

echo htmlspecialchars($html);

result: onclick='location:/?page=1&cat=3'

CASE 2:

$html = "onclick='location:/?page=1&cat=3'";

echo htmlentities($html);

result: onclick='location:/?page=1&#38;cat=3'
    
18.01.2016 / 17:12