Jump to content


htmlentities() versus htmlspecialchars()?

  • Please log in to reply
1 reply to this topic

#1 arianhojat

  • Members
  • PipPipPip
  • Advanced Member
  • 235 posts

Posted 17 May 2006 - 05:04 PM

I need a clear explanation about when exactly htmlentities() is more useful versus htmlspecialchars() if anyone can help.

Anyone want to take a stab at explanation?
my best guess is htmlspecialchars() only does whats needed(' " & < >) so it seems like the default choice when need to pull database values and put them into html (which needs those chars escapes). But when would you need to convert all chars to their equivalents (i know there are probably alot of scanarios but was looking for common things you see in web programming)? Someone told me encoding/decoding values into the query string, but wasnt sure.

#2 obsidian

  • Staff Alumni
  • Advanced Member
  • 3,202 posts
  • LocationSeattle, WA

Posted 17 May 2006 - 05:56 PM

as far as a defining the differences between the two, i think the manual itself does that the best:

This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.

as for one example when you might want to translate all characters to their equivalents may be if you're creating an RSS feed or generating XML or XHTML through the PHP. for best practices, it's good to use entities rather than the symbols themselves whenever possible.
You can't win, you can't lose, you can't break even... you can't even get out of the game.

while (count($life->getQuestions()) > 0)
{   $life->study(); } ?>
  LINKS: PHP: Manual MySQL: Manual PostgreSQL: Manual (X)HTML: Validate It! CSS: A List Apart | IE bug fixes | Zen Garden | Validate It! JavaScript: Reference Cards RegEx: Everything RegEx

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users