It is not only about `<`, `>` and `&`; `htmlentities` is much more than that.
htmlspecialchars
Description
string htmlspecialchars ( string $string [, int $flags = ENT_COMPAT | ENT_HTML401 [, string $encoding = ini_get("default_charset") [, bool $double_encode = true ]]] )
Will convert characters to entities that affect HTML, with the following conversions:
- `&` will become `&amp;`
- `>` will become `&lt;`
- `<` will become `&gt;`
- `"` will become `&quot;` (except when `ENT_NOQUOTES` is set in `$flags`)
- `'` will become `&#039;` when `$flags` has `ENT_HTML401`, or `&apos;` when `ENT_XML1`, `ENT_XHTML` or `ENT_HTML5`, but only when `$flags` is set with `ENT_QUOTES`
htmlentities
Description
string htmlentities ( string $string [, int $flags = ENT_COMPAT | ENT_HTML401 [, string $encoding = ini_get("default_charset") [, bool $double_encode = true ]]] )
By default the behavior is identical to `htmlspecialchars` for `&`, `>`, `<`, `"` and `'` specifically, i.e. nothing changes. Where `htmlentities` differs is that, in addition to the characters mentioned, it will convert all characters that have a representation in HTML entities; lists of (probably complete) characters follow:
A simple example of the difference is accented characters:

```php
<?php
echo htmlspecialchars('<foo><bar>Olá Mundo!</bar></foo>'), "\n";
echo htmlentities('<foo><bar>Olá Mundo!</bar></foo>'), "\n";
```

The result will be this:

```
&lt;foo&gt;&lt;bar&gt;Olá Mundo!&lt;/bar&gt;&lt;/foo&gt;
&lt;foo&gt;&lt;bar&gt;Ol&aacute; Mundo!&lt;/bar&gt;&lt;/foo&gt;
```
Example on IDEONE
Note also that the behavior of both functions can be adjusted by the flags:
- `ENT_COMPAT`, `ENT_QUOTES`, `ENT_NOQUOTES`, `ENT_SUBSTITUTE`, `ENT_DISALLOWED`, `ENT_HTML401`, `ENT_XML1`, `ENT_XHTML`, `ENT_HTML5`

That is to say, it should be emphasized that what differs between the two functions is not the characters mentioned in the other answer:

They do the same thing with the exception of a few characters "< > &"
Behaviors
Other behaviors may vary depending on the `< > &` I've already mentioned, and can also change with the use of `$flags` and `$encoding`; however, these are specific settings to be used as needed.
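
An added example, not part of the original answer: it runs both functions over one constructed string with each quote flag made explicit, then exercises `ENT_SUBSTITUTE` and `$double_encode`. The sample strings are constructed, and the flags are passed explicitly because PHP 8.1 changed the default `$flags` to `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401`.

```php
<?php
// Added example (not from the original answer). Save this file as UTF-8.

// Constructed sample: markup, both quote types, an ampersand and an accent.
$input = "<a href='x'>Olá & \"Mundo\"</a>";

$cases = [
    'ENT_COMPAT | ENT_HTML401' => ENT_COMPAT | ENT_HTML401, // ' is left as-is
    'ENT_QUOTES | ENT_HTML401' => ENT_QUOTES | ENT_HTML401, // ' uses the numeric entity
    'ENT_QUOTES | ENT_HTML5'   => ENT_QUOTES | ENT_HTML5,   // ' uses the named entity
    'ENT_NOQUOTES'             => ENT_NOQUOTES,             // neither quote is converted
];

foreach ($cases as $label => $flags) {
    echo $label, "\n";
    // Only the five markup-significant characters are touched.
    echo '  htmlspecialchars: ', htmlspecialchars($input, $flags, 'UTF-8'), "\n";
    // Same five characters, plus every character with a named entity (the accent).
    echo '  htmlentities:     ', htmlentities($input, $flags, 'UTF-8'), "\n";
}

// With ENT_COMPAT or ENT_NOQUOTES the single quote survives, so output
// placed inside a single-quoted attribute is not safely escaped.
$attr = htmlspecialchars("it's", ENT_COMPAT, 'UTF-8');
echo "<input value='", $attr, "'>\n";

// Constructed sample: an ISO-8859-1 byte in data declared as UTF-8.
// Without ENT_SUBSTITUTE (or ENT_IGNORE) the whole result is an empty string;
// with ENT_SUBSTITUTE the invalid byte is replaced by U+FFFD.
$broken = "caf\xE9 <b>";
var_dump(htmlspecialchars($broken, ENT_QUOTES, 'UTF-8'));
var_dump(htmlspecialchars($broken, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));

// $double_encode: true re-encodes the & of an existing entity,
// false leaves existing entities untouched.
$already = '&amp; &';
echo htmlspecialchars($already, ENT_QUOTES, 'UTF-8', true), "\n";
echo htmlspecialchars($already, ENT_QUOTES, 'UTF-8', false), "\n";
```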