html_entity_decode
When happens that you want to encode special characters but not the HTML tags using this function you've two options:
a) Build your own function and go replace by character; eg.
<?php
for($i = 0; $i < strlen($string); $i++){
switch(substr($string,$i,1)){
//..... A VERY HUGE switch here with all characters to encode.
}
}
?>
b) use this function and simple restore the html tags afterwards. Which gives you a 6 line function as follow:
<?php
function keephtml($string){
$res = htmlentities($string);
$res = str_replace("<","<",$res);
$res = str_replace(">",">",$res);
$res = str_replace(""",'"',$res);
$res = str_replace("&",'&',$res);
return $res;
}
?>
htmlentities
(PHP 4, PHP 5)
htmlentities — Wandelt alle geeigneten Zeichen in entsprechende HTML-Codes um
Beschreibung
string htmlentities
( string $string
[, int $quote_style = ENT_COMPAT
[, string $charset
[, bool $double_encode = true
]]] )
Die Funktion ist komplett identisch zu htmlspecialchars(), allerdings wandelt htmlentities() wirklich alle Zeichen, die eine HTML-Code-Entsprechung haben, in diese Entsprechung um.
Möchten Sie stattdessen die HTML Entities dekodieren, verwenden Sie bitte die Funktion html_entity_decode().
Parameter-Liste
- string
-
Die Eingabezeichenkette.
- quote_style
-
Wie bei htmlspecialchars() können Sie mit dem optionalen zweiten Parameter quote_style definieren, wie 'einfache' und "doppelte" Anführungszeichen behandelt werden. Es gibt drei Konstanten, wobei ENT_COMPAT voreingestellt ist:
Verfügbare quote_style Konstanten Konstante Beschreibung ENT_COMPAT Konvertiert nur doppelte Anführungszeichen und lässt einfache Anführungszeichen unverändert. ENT_QUOTES Konvertiert sowohl doppelte als auch einfache Anführungszeichen. ENT_NOQUOTES Lässt doppelte und einfache Anführungszeichen unverändert. - charset
-
Wie bei htmlspecialchars() steht das optionale dritte Argument charset zur Verfügung, das den für die Konvertierung benötigten Zeichensatz definiert. Gegenwärtig wird standardmäßig der ISO-8859-1 Zeichensatz verwendet.
Die folgenden Zeichensätze werden mit PHP 4.3.0 und höher unterstützt:
Unterstützte Zeichensätze Zeichensatz Alias Beschreibung ISO-8859-1 ISO8859-1 Westeuropäisch, Latin-1 ISO-8859-15 ISO8859-15 Westeuropäisch, Latin-9. Enthält das Euro-Zeichen sowie französische und finnische Buchstaben, die in Latin-1(ISO-8859-1) fehlen. UTF-8 ASCII-kompatibles Multi-Byte 8-Bit Unicode. cp866 ibm866, 866 DOS-spezifischer Kyrillischer Zeichensatz. Dieser Zeichensatz wird ab PHP Version 4.3.2 unterstützt. cp1251 Windows-1251, win-1251, 1251 Windows-spezifischer Kyrillischer Zeichensatz. Dieser Zeichensatz wird ab PHP Version 4.3.2 unterstützt. cp1252 Windows-1252, 1252 Windows spezifischer Zeichensatz für westeuropäische Sprachen. KOI8-R koi8-ru, koi8r Russisch. Dieser Zeichensatz wird ab PHP Version 4.3.2 unterstützt. BIG5 950 Traditionelles Chinesisch, hauptsächlich in Taiwan verwendet. GB2312 936 Vereinfachtes Chinesisch, nationaler Standard-Zeichensatz. BIG5-HKSCS Big5 mit Hongkong-spezifischen Erweiterungen; traditionelles Chinesisch. Shift_JIS SJIS, 932 Japanisch EUC-JP EUCJP Japanisch Hinweis: Weitere Zeichensätze sind nicht implementiert, an ihrer Stelle wird ISO-8859-1 verwendet.
- double_encode
-
Wenn double_encode ausgeschaltet ist, verändert PHP keine bereits vorhandenen HTML-Entities. Standardmäßig wird jedoch alles konvertiert.
Rückgabewerte
Gibt die kodierte Zeichenkette zurück.
Changelog
| Version | Beschreibung |
|---|---|
| 5.2.3 | Der Parameter double_encode wurde hinzugefügt. |
| 4.1.0 | Der Parameter charset wurde hinzugefügt. |
| 4.0.3 | Der Parameter quote_style wurde hinzugefügt. |
Beispiele
Beispiel #1 Ein htmlentities()-Beispiel
<?php
$str = "Ein 'Anführungszeichen' ist <b>fett</b>";
// Gibt aus: Ein 'Anführungszeichen' ist <b>fett</b>
echo htmlentities($str);
// Gibt aus: Ein 'Anführungszeichen' ist <b>fett</b>
echo htmlentities($str, ENT_QUOTES);
?>
Siehe auch
- html_entity_decode() - Konvertiert alle benannten HTML-Zeichen in ihre entsprechenden Ursprungszeichen
- get_html_translation_table() - Gibt die Umwandlungs-Tabelle zurück, die von htmlspecialchars und htmlentities verwendet wird
- htmlspecialchars() - Wandelt Sonderzeichen in HTML-Codes um
- nl2br() - Fügt vor allen Zeilenumbrüchen eines Strings HTML-Zeilenumbrüche ein
- urlencode() - URL-kodiert einen String
add a note
User Contributed Noteshtmlentities
sirarthur at sirarthur dot info
05-Oct-2009 10:05
05-Oct-2009 10:05
montana
09-Jul-2009 06:54
09-Jul-2009 06:54
under what circumstances would someone want a ntilde [ñ] to be converted into "ñ" as htmlentities does?
the correct method of translation should return the accurate NCR for the multibyte unicode sequence
which in this case is ñ
<?php
//simple task: convert everything from utf-8 into an NCR[numeric character reference]
class unicode_replace_entities {
public function UTF8entities($content="") {
$contents = $this->unicode_string_to_array($content);
$swap = "";
$iCount = count($contents);
for ($o=0;$o<$iCount;$o++) {
$contents[$o] = $this->unicode_entity_replace($contents[$o]);
$swap .= $contents[$o];
}
return mb_convert_encoding($swap,"UTF-8"); //not really necessary, but why not.
}
public function unicode_string_to_array( $string ) { //adjwilli
$strlen = mb_strlen($string);
while ($strlen) {
$array[] = mb_substr( $string, 0, 1, "UTF-8" );
$string = mb_substr( $string, 1, $strlen, "UTF-8" );
$strlen = mb_strlen( $string );
}
return $array;
}
public function unicode_entity_replace($c) { //m. perez
$h = ord($c{0});
if ($h <= 0x7F) {
return $c;
} else if ($h < 0xC2) {
return $c;
}
if ($h <= 0xDF) {
$h = ($h & 0x1F) << 6 | (ord($c{1}) & 0x3F);
$h = "&#" . $h . ";";
return $h;
} else if ($h <= 0xEF) {
$h = ($h & 0x0F) << 12 | (ord($c{1}) & 0x3F) << 6 | (ord($c{2}) & 0x3F);
$h = "&#" . $h . ";";
return $h;
} else if ($h <= 0xF4) {
$h = ($h & 0x0F) << 18 | (ord($c{1}) & 0x3F) << 12 | (ord($c{2}) & 0x3F) << 6 | (ord($c{3}) & 0x3F);
$h = "&#" . $h . ";";
return $h;
}
}
}//
//utf-8 environment
$content = "<strong>baño baño baño</strong>日本語 = nihongo da ze.<br />";
$oUnicodeReplace = new unicode_replace_entities();
$content = $oUnicodeReplace->UTF8entities($content);
echo "<br />Result:<br />";
echo $content;
$source = htmlentities($content);
echo "<br />htmlentities of resulting data:<br />";
echo $source;
echo "<br /><br />Note: Entities get replaced with 'literals' in textarea FF3<br /><br />";
echo "<textarea style='width:300px;height:150px;'>";
echo $content;
echo "</textarea>";
echo "<br /><br />For editing NCR's rather than 'literals' in a textarea<br /><br />";
echo "<textarea style='width:300px;height:150px;'>";
echo preg_replace("/(&#)+/","&#",$content);
echo "</textarea>";
?>
brianhamner at yahoo dot com
09-Jul-2009 06:26
09-Jul-2009 06:26
If you want something simple that actually works, try this. Strips MS word and other entities and returns a clear data string:
<?php
//call this function
function DoHTMLEntities ($string) {
$trans_tbl[chr(145)] = '‘';
$trans_tbl[chr(146)] = '’';
$trans_tbl[chr(147)] = '“';
$trans_tbl[chr(148)] = '”';
$trans_tbl[chr(142)] = 'é';
$trans_tbl[chr(150)] = '–';
$trans_tbl[chr(151)] = '—';
return strtr ($string, $trans_tbl);
}
//insert your string variable here
$foo = str_replace("\r\n\r\n","",htmlentities($your_string));
$foo2 = str_replace("\r\n"," ",$foo);
$foo3 = str_replace(" & ","&",$foo2);
echo DoHTMLEntities ($foo3);
?>
alonso05 at gmail dot com
01-Jul-2009 06:22
01-Jul-2009 06:22
Hello, I found a great function when you need a way to encode content from the database as numeric entity references, as that’s a safe way to use high characters and special characters in an xml document, like in an RSS feed.
<?php
function xml_character_encode($string, $trans='') {
$trans = (is_array($trans)) ? $trans : get_html_translation_table(HTML_ENTITIES, ENT_QUOTES);
foreach ($trans as $k=>$v)
$trans[$k]= "&#".ord($k).";";
return strtr($string, $trans);
}
?>
mzvarik at gmail dot com
15-May-2009 02:03
15-May-2009 02:03
CZECH entities:
<?php
$ent = array(
'ě' => 'ě',
'Ě' => 'Ě',
'š' => 'š',
'Š' => 'Š',
'č' => 'č',
'Č' => 'Č',
'ř' => 'ř',
'Ř' => 'Ř',
'ž' => 'ž',
'Ž' => 'Ž',
'ý' => 'ý',
'Ý' => 'Ý',
'á' => 'á',
'Á' => 'Á',
'í' => 'í',
'Í' => 'Í',
'é' => 'é',
'É' => 'É',
'ú' => 'ú',
'ů' => 'ů',
'Ů' => 'Ů',
'ď' => 'ď',
'Ď' => 'Ď',
'ť' => 'ť',
'Ť' => 'Ť',
'ň' => 'ň',
'Ň' => 'Ň'
);
echo strtr('ěščřžýáíéúůďťňĚŠČŘŽÝÁÍÉÚŮĎŤŇ', $ent);
?>
busbyjon at gmail dot com
07-Apr-2009 10:49
07-Apr-2009 10:49
I took one of the previous functions above - (which only encodes the string once - which is great) and added the ability to encode & -> &
See below.
Its a shame we cant do this straight with htmlentities (with double encode set to false)
<?php
function htmlButTags($str) {
// Take all the html entities
$caracteres = get_html_translation_table(HTML_ENTITIES);
// Find out the "tags" entities
$remover = get_html_translation_table(HTML_SPECIALCHARS);
// Spit out the tags entities from the original table
$caracteres = array_diff($caracteres, $remover);
// Translate the string....
$str = strtr($str, $caracteres);
// And that's it!
// oo now amps
$str = preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&" , $str);
return $str;
}
?>
gunter [dot] sammet [at] gmail [dot] com
13-Jan-2009 07:48
13-Jan-2009 07:48
Had a heck of a time to get my rss entities right. using htmlentities didn't work and using html_entity_decode didn't work either. Ended up writing a custom function to encode and decode. It might still need some work but I thought to share it because I couldn't find anything on the net. Always open for suggestions to improve it! Here it is:
<?php
$entity_custom_from = false;
$entity_custom_to = false;
function html_entity_decode_encode_rss($data) {
global $entity_custom_from, $entity_custom_to;
if(!is_array($entity_custom_from) || !is_array($entity_custom_to)){
$array_position = 0;
foreach (get_html_translation_table(HTML_ENTITIES) as $key => $value) {
//print("<br />key: $key, value: $value <br />\n");
switch ($value) {
// These ones we can skip
case ' ':
break;
case '>':
case '<':
case '"':
case ''':
case '&':
$entity_custom_from[$array_position] = $key;
$entity_custom_to[$array_position] = $value;
$array_position++;
break;
default:
$entity_custom_from[$array_position] = $value;
$entity_custom_to[$array_position] = $key;
$array_position++;
}
}
}
return str_replace($entity_custom_from, $entity_custom_to, $data);
}
?>
Tom Walter
17-Oct-2008 04:14
17-Oct-2008 04:14
Note that as of 5.2.5 it appears that if the input string contains a character that is not valid for the output encoding you've specified, then this function returns null.
You might expect it to just strip the invalid char, but it doesn't.
You can strip the chars yourself like so:
iconv('utf-8','utf-8',$str);
You can combine that with htmlentities also:
$str = htmlentities(iconv('UTF-8', 'UTF-8//IGNORE', $str, ENT_QUOTES, 'UTF-8');
Should give you a string with htmlentities encoded to utf-8, and any unsupported chars stripped.
Kenneth Kin Lum
23-Sep-2008 01:47
23-Sep-2008 01:47
use htmlspecialchars() if you are passing in a usual ASCII string. It is faster than htmlentities().
For example, if you are just doing
htmlentities('<div style="background: #fff"></div>');
then you can just use htmlspecialchars(). htmlentities() will look for all possible ways to convert string into html entities, such as © or é (which is e with an acute accent on top).
Note that ASCII is just 7 bit, which is 0x00 to 0x7F. htmlspecialchars() will handle characters inside this range already. htmlentities() is for the 8-bit Latin-1 (ISO-8859-1) to handle European characters, or for UTF-8 when the 3rd argument is "UTF-8" to handle UTF-8 characters, or other types of encodings using different values for the 3rd argument passed into htmlentities().
snevi at im dot com dot ve
22-Jul-2008 03:10
22-Jul-2008 03:10
correction to my previous post and improvement of the function: (the post was changed by the html parser and the characters displays as they should not)
<?php
function XMLEntities($string)
{
$string = preg_replace('/[^\x09\x0A\x0D\x20-\x7F]/e', '_privateXMLEntities("$0")', $string);
return $string;
}
function _privateXMLEntities($num)
{
$chars = array(
128 => '€',
130 => '‚',
131 => 'ƒ',
132 => '„',
133 => '…',
134 => '†',
135 => '‡',
136 => 'ˆ',
137 => '‰',
138 => 'Š',
139 => '‹',
140 => 'Œ',
142 => 'Ž',
145 => '‘',
146 => '’',
147 => '“',
148 => '”',
149 => '•',
150 => '–',
151 => '—',
152 => '˜',
153 => '™',
154 => 'š',
155 => '›',
156 => 'œ',
158 => 'ž',
159 => 'Ÿ');
$num = ord($num);
return (($num > 127 && $num < 160) ? $chars[$num] : "&#".$num.";" );
}
?>
in the previous post, to correct the HEX values that are not rendered, the program use a for each cicle, but that introduces a mayor complexity in execution time, so, we use the ability to call functions in the preg_replace second parameter, and ceate another funcion that evaluates the ord of the character given, and if it is between 127 and 160 it returns the modified HEX value to be understood by the browser and not brake the XML
(this work with dynamic XML generated form php with dynamic data from any source)
p.d: the '&'(&) should appear in this post as a single ampersand character and not as the html entity
keenskelly at gmail dot com
09-Jul-2008 07:00
09-Jul-2008 07:00
Correction to my previous post: the set of ENTITY declarations must be inside a <!DOCTYPE element; also is NOT pre-defined in XML and must be left in the entity list. I also extended the list with the windows 1252 character set using a sample function borrowed from php.net user comments and extended with euro entity which we need for our app. Here is the final code that is in our production app:
<?php
// Generate a list of entity declarations from the HTML_ENTITIES set that PHP knows about to dump into the document
function htmlentities_entities() {
$output = "<!DOCTYPE html [\n";
foreach (get_html_translation_table_CP1252(HTML_ENTITIES) as $value) {
$name = substr($value, 1, strlen($value) - 2);
switch ($name) {
// These ones we can skip because they're built into XML
case 'gt':
case 'lt':
case 'quot':
case 'apos':
case 'amp': break;
default: $output .= "<!ENTITY {$name} \"&{$name};\">\n";
}
}
$output .= "]>\n";
return($output);
}
// ref: http://php.net/manual/en/function.get-html-translation-table.php#76564
function get_html_translation_table_CP1252($type) {
$trans = get_html_translation_table($type);
$trans[chr(130)] = '‚'; // Single Low-9 Quotation Mark
$trans[chr(131)] = 'ƒ'; // Latin Small Letter F With Hook
$trans[chr(132)] = '„'; // Double Low-9 Quotation Mark
$trans[chr(133)] = '…'; // Horizontal Ellipsis
$trans[chr(134)] = '†'; // Dagger
$trans[chr(135)] = '‡'; // Double Dagger
$trans[chr(136)] = 'ˆ'; // Modifier Letter Circumflex Accent
$trans[chr(137)] = '‰'; // Per Mille Sign
$trans[chr(138)] = 'Š'; // Latin Capital Letter S With Caron
$trans[chr(139)] = '‹'; // Single Left-Pointing Angle Quotation Mark
$trans[chr(140)] = 'Œ'; // Latin Capital Ligature OE
$trans[chr(145)] = '‘'; // Left Single Quotation Mark
$trans[chr(146)] = '’'; // Right Single Quotation Mark
$trans[chr(147)] = '“'; // Left Double Quotation Mark
$trans[chr(148)] = '”'; // Right Double Quotation Mark
$trans[chr(149)] = '•'; // Bullet
$trans[chr(150)] = '–'; // En Dash
$trans[chr(151)] = '—'; // Em Dash
$trans[chr(152)] = '˜'; // Small Tilde
$trans[chr(153)] = '™'; // Trade Mark Sign
$trans[chr(154)] = 'š'; // Latin Small Letter S With Caron
$trans[chr(155)] = '›'; // Single Right-Pointing Angle Quotation Mark
$trans[chr(156)] = 'œ'; // Latin Small Ligature OE
$trans[chr(159)] = 'Ÿ'; // Latin Capital Letter Y With Diaeresis
$trans['euro'] = '€'; // euro currency symbol
ksort($trans);
return $trans;
}
?>
[EDIT BY danbrown AT php DOT net: The user's original note contained the following text:
"So here's something fun: if you create an XML document in PHP and use htmlentities() to encode text data, then later want to read and parse the same document with PHP's xml_parse(), unless you include entity declarations into the generated document, the parser will stop on the unknown entities.
To account for this, I created a small function to take the translation table and turn it into XML <!ENTITY> definitions. I insert this output into the XML document immediately after the <?xml?> line and the parse errors magically vanish"
]
mat at matinfo dot ch
21-Apr-2008 08:34
21-Apr-2008 08:34
Hi,
below a method to convert UTF-8 Latin-1 characters to HTML-Entity,
I'm created this to translate string with HTML element on it and i just wont to convert entities.
<?php
function convertLatin1ToHtml($str) {
$html_entities = array (
"&" => "&", #ampersand
"á" => "á", #latin small letter a
"Â" => "Â", #latin capital letter A
"â" => "â", #latin small letter a
"Æ" => "Æ", #latin capital letter AE
"æ" => "æ", #latin small letter ae
"À" => "À", #latin capital letter A
"à" => "à", #latin small letter a
"Å" => "Å", #latin capital letter A
"å" => "å", #latin small letter a
"Ã" => "Ã", #latin capital letter A
"ã" => "ã", #latin small letter a
"Ä" => "Ä", #latin capital letter A
"ä" => "ä", #latin small letter a
"Ç" => "Ç", #latin capital letter C
"ç" => "ç", #latin small letter c
"É" => "É", #latin capital letter E
"é" => "é", #latin small letter e
"Ê" => "Ê", #latin capital letter E
"ê" => "ê", #latin small letter e
"È" => "È", #latin capital letter E
/*... sorry cutting because limitation of php.net ...
... but the principle is it ;) ... */
"û" => "û", #latin small letter u
"Ù" => "Ù", #latin capital letter U
"ù" => "ù", #latin small letter u
"Ü" => "Ü", #latin capital letter U
"ü" => "ü", #latin small letter u
"Ý" => "Ý", #latin capital letter Y
"ý" => "ý", #latin small letter y
"ÿ" => "ÿ", #latin small letter y
"Ÿ" => "Ÿ", #latin capital letter Y
);
foreach ($html_entities as $key => $value) {
$str = str_replace($key, $value, $str);
}
return $str;
}
?>
za at byza dot it
15-Apr-2008 06:15
15-Apr-2008 06:15
Trouble when using files with different charset?
htmlentities and html_entity_decode can be used to translate between charset!
Sample function:
<?php
function utf2latin($text) {
$text=htmlentities($text,ENT_COMPAT,'UTF-8');
return html_entity_decode($text,ENT_COMPAT,'ISO-8859-1');
}
?>
TKVLPUAIBSDB at spammotel dot com
14-Nov-2007 01:11
14-Nov-2007 01:11
Yet another "help paste from MS Word" function. Characters from ISO-8859-1 charset are left in peace, while entities are built for non-standard characters from Windows CP1252.
<?php
function win1252toIso( $string ) {
// These chars seem to be not contained
// in php's CP1252 translation table
static $extensions = array(
142 => "Ž",
158 => "ž"
);
// Go through string and decide char by char:
// "leave as is or build entity?"
$newStr = "";
for( $i=0; $i < strlen( $string ); $i++ ) {
$ord = ord( $string[$i] );
if ( in_array( $ord, array_keys( $extensions ) ) ) {
// build entity using extra translation table
$newStr .= $extensions[$ord];
}
else {
// build entity using php's translation table
// or leave as is
$newStr .= ( $ord > 127 && $ord < 160 ) ?
htmlentities( $string[$i], ENT_NOQUOTES, "CP1252" )
: $string[$i];
}
}
return $newStr;
}
?>
marktpitman at gmail dot com
15-Oct-2007 04:21
15-Oct-2007 04:21
I just thought I would add that if you're using the default charset, htmlentities will not correctly return the trademark ( ™ ) sign.
Instead it will return something like this: �
If you need the trademark symbol, use:
<?php htmlentities( $html, ENT_QUOTES, "UTF-8" ); ?>
D. Gasser
24-Apr-2007 07:40
24-Apr-2007 07:40
When using UTF-8 as charset, you'll have to set UTF-8 in braces, otherwise the varaible is not recognized.
ghoffman at salientdigital dot com
04-Apr-2007 08:17
04-Apr-2007 08:17
If you are looking for a comprehensive visual list of entities check here:
http://www.w3schools.com/tags/ref_entities.asp
q (dot) rendeiro (at) gmail (dot) com
07-Mar-2007 01:41
07-Mar-2007 01:41
I've seen lots of functions to convert all the entities, but I needed to do a fulltext search in a db field that had named entities instead of numeric entities (edited by tinymce), so I searched the tinymce source and found a string with the value->entity mapping. So, i wrote the following function to encode the user's query with named entities.
The string I used is different of the original, because i didn't want to convert ' or ". The string is too long, so I had to cut it. To get the original check TinyMCE source and search for nbsp or other entity ;)
<?php
$entities_unmatched = explode(',', '160,nbsp,161,iexcl,162,cent, [...] ');
$even = 1;
foreach($entities_unmatched as $c) {
if($even) {
$ord = $c;
} else {
$entities_table[$ord] = $c;
}
$even = 1 - $even;
}
function encode_named_entities($str) {
global $entities_table;
$encoded_str = '';
for($i = 0; $i < strlen($str); $i++) {
$ent = @$entities_table[ord($str{$i})];
if($ent) {
$encoded_str .= "&$ent;";
} else {
$encoded_str .= $str{$i};
}
}
return $encoded_str;
}
?>
realcj at g mail dt com
06-Nov-2006 07:41
06-Nov-2006 07:41
If you are building a loadvars page for Flash and have problems with special chars such as " & ", " ' " etc, you should escape them for flash:
Try trace(escape("&")); in flash' actionscript to see the escape code for &;
% = %25
& = %26
' = %27
<?php
function flashentities($string){
return str_replace(array("&","'"),array("%26","%27"),$string);
}
?>
Those are the two that concerned me. YMMV.
eric.wallet at yahoo.fr
26-Sep-2006 01:57
26-Sep-2006 01:57
First method convert characters to decimal values.
Second will reverse the problem !!!
<?php
function htmlnumericentities($str){
return preg_replace('/[^!-%\x27-;=?-~ ]/e', '"&#".ord("$0").chr(59)', $str);
}
function numericentitieshtml($str){
return utf8_encode(preg_replace('/&#(\d+);/e', 'chr(str_replace(";","",str_replace("&#","","$0")))', $str));
}
echo (htmlnumericentities ("Ceci est un test : & é $ à ç <"));
echo ("<br/>\n");
echo (numericentitieshtml (htmlnumericentities ("Ceci est un test : & é $ à ç <")));
?>
Output is :
Ceci est un test : & é $ à ç <<br/>
Ceci est un test : & é $ à ç <
daviscabral[arroba]gmail[ponto]com
28-Jul-2006 09:52
28-Jul-2006 09:52
unhtmlentities for all entities:
<?php
function unhtmlentities ($string) {
$trans_tbl1 = get_html_translation_table (HTML_ENTITIES);
foreach ( $trans_tbl1 as $ascii => $htmlentitie ) {
$trans_tbl2[$ascii] = '&#'.ord($ascii).';';
}
$trans_tbl1 = array_flip ($trans_tbl1);
$trans_tbl2 = array_flip ($trans_tbl2);
return strtr (strtr ($string, $trans_tbl1), $trans_tbl2);
}
?>
info at pirandot dot de
22-Jul-2006 04:14
22-Jul-2006 04:14
The data returned by a text input field is ready to be used in a data base query when enclosed in single quotes, e.g.
<?php
mysql_query ("SELECT * FROM Article WHERE id = '$data'");
?>
But you will get problems when writing back this data into the input field's value,
<?php
echo "<input name='data' type='text' value='$data'>";
?>
because hmtl codes would be interpreted and escape sequences would cause strange output.
The following function may help:
<?php
function deescape ($s, $charset='UTF-8')
{
// don't interpret html codes and don't convert quotes
$s = htmlentities ($s, ENT_NOQUOTES, $charset);
// delete the inserted backslashes except those for protecting single quotes
$s = preg_replace ("/\\\\([^'])/e", '"&#" . ord("$1") . ";"', $s);
// delete the backslashes inserted for protecting single quotes
$s = str_replace ("\\'", "&#" . ord ("'") . ";", $s);
return $s;
}
?>
Try some input like: a'b"c\d\'e\"f\\g&x#27;h to test ...
anonymous
26-Apr-2006 09:38
26-Apr-2006 09:38
This function will encode anything that is non Standard ASCII (that is, that is above #127 in the ascii table)
<?php
// allhtmlentities : mainly based on "chars_encode()" by Tim Burgan <timburgan@gmail.com> [http://www.php.net/htmlentities]
function allhtmlentities($string) {
if ( strlen($string) == 0 )
return $string;
$result = '';
$string = htmlentities($string, HTML_ENTITIES);
$string = preg_split("//", $string, -1, PREG_SPLIT_NO_EMPTY);
$ord = 0;
for ( $i = 0; $i < count($string); $i++ ) {
$ord = ord($string[$i]);
if ( $ord > 127 ) {
$string[$i] = '&#' . $ord . ';';
}
}
return implode('',$string);
}
?>
edo at edwaa dot com
18-Nov-2005 05:48
18-Nov-2005 05:48
A version of the xml entities function below. This one replaces the "prime" character (′) with which I had difficulties.
<?php
// XML Entity Mandatory Escape Characters
function xmlentities($string) {
return str_replace ( array ( '&', '"', "'", '<', '>', '�' ), array ( '&' , '"', ''' , '<' , '>', ''' ), $string );
}
?>
info at bleed dot ws
15-Oct-2005 07:42
15-Oct-2005 07:42
here the centralized version of htmlentities() for multibyte.
<?php
function mb_htmlentities($string)
{
$string = htmlentities($string, ENT_COMPAT, mb_internal_encoding());
return $string;
}
?>
fanfatal at fanfatal dot pl
28-Aug-2005 11:28
28-Aug-2005 11:28
I wrote usefull function which is support iso-8859-2 encoding with htmlentities function ;]
<?php
/*
* Function htmlentities which support iso-8859-2
*
* @param string
* @return string
* @author FanFataL
*/
function htmlentities_iso88592($string='') {
$pl_iso = array('ê', 'ó', '±', '¶', '³', '¿', '¼', 'æ', 'ñ', 'Ê', 'Ó', '¡', '¦', '£', '¬', '¯', 'Æ', 'Ñ');
$entitles = get_html_translation_table(HTML_ENTITIES);
$entitles = array_diff($entitles, $pl_iso);
return strtr($string, $entitles);
}
?>
Greatings ;-)
...
send at mail dot 2aj dot net
14-Jul-2005 07:03
14-Jul-2005 07:03
If you are programming XML documents and are using the htmlentities function, then performing a str_replace on ' into ' to set mandatory escape characters you can use this simple function instead.
This function, xmlentities, is basically the XML parsing equivalent of htmlentities, with fewer options than its HTML counterpart:
<?php
// XML Entity Mandatory Escape Characters
function xmlentities ( $string )
{
return str_replace ( array ( '&', '"', "'", '<', '>' ), array ( '&' , '"', ''' , '<' , '>' ), $string );
}
?>
Example:
<?php
function xmlentities($string)
{
return str_replace ( array ( '&', '"', "'", '<', '>' ), array ( '&' , '"', ''' , '<' , '>' ), $string );
}
echo xmlentities("If you don't use these mandatory escape characters <tags> between </tags>, XML will \"eXtensively\" & \"implicitly\" give you errors.");
?>
Produces...
If you don't use these mandatory escape characters <tags> between </tags>, XML will "eXtensively" & "implicitly" give you errors.
marques at displague dot com
24-Jan-2005 07:01
24-Jan-2005 07:01
htmlEncodeText (below) needs a small tweak, the dash needs to be made literal to get picked up in cases like '<a href="blah-blah.php">'. I have been using this function to parse my postgresql database calls since I have alot of unicode data and I don't want HTML data to be neutered (via htmlentities()).
<?php
function htmlEncodeText ($string)
{
$pattern = '<([a-zA-Z0-9\.\, "\'_\/\-\+~=;:\(\)?&#%![\]@]+)>';
preg_match_all ('/' . $pattern . '/', $string, $tagMatches, PREG_SET_ORDER);
$textMatches = preg_split ('/' . $pattern . '/', $string);
foreach ($textMatches as $key => $value) {
$textMatches [$key] = htmlentities ($value);
}
for ($i = 0; $i < count ($textMatches); $i ++) {
$textMatches [$i] = $textMatches [$i] . $tagMatches [$i] [0];
}
return implode ($textMatches);
}
?>
--Editor note: Combined some corrections to the regex pattern, thanks to fabian dot lange at web dot de, hammertscrew at veryweb dot com, webmaster AT scholesmafia DOT co DOT uk, thomas AT cosifan DOT de and marques at displague dot com---
Miguel (miguel at sigmanet dot com dot br)
20-Oct-2004 05:43
20-Oct-2004 05:43
This is a simple script that I'm using to encode and decode values from a form. Save it with the name that you wish.
<?php
/* When you call anyone of the two functions, set the $_str
variable to the string that you want to encode or decode */
/* This function encodes the string.
You can safetly use this function to save its result in a
database. It eliminates any space in the beginning ou end
of the string, HTML and PHP tags, and encode any special
char to the usual HTML entities (&[...];), eliminating the
possibility of bugs in inserting data on a table */
function encodeText($_str) {
$_str = strip_tags($_str);
$_str = trim($_str);
$_str = htmlentities($_str);
$_str = str_replace("\r\n", "#BR#", $_str);
return($_str);
}
/* This function decodes the string.
If you are showing the string in the body of a page, you
can set the $_form variable to "false", and the function will
use the "BR" tag to the new lines. But, if you need to show
the string in a textarea, text or other input types of a form
set the $_form variable to "true", then the function will use
the "\r\n" to the new lines */
function decodeText($_str, $_form) {
$trans_tbl = get_html_translation_table (HTML_ENTITIES);
$trans_tbl = array_flip ($trans_tbl);
$_str = strtr($_str, $trans_tbl);
if ($_form) {
$_nl = "\r\n";
} else {
$_nl = "<br>";
}
$_str = str_replace("#BR#", "$_nl", $_str);
return($_str);
}
?>
m227 at poczta dot onet dot pl
26-May-2004 12:00
26-May-2004 12:00
<?php
// tested with PHP 4.3.4, Apache 1.29
// function works like original htmlentities
// but preserves Polish characters encoded in CP-1250
// (Windows code page) from false conversion
// m227@poczta.onet.pl, 2004
function htmlentities1250($str)
{
// four chars does not need any conversion
// s` (9c), z` (9f), Z` (8f), S` (8c)
$trans = array(
"³" => "\xb3", // "l-"
"¹" => "\xb9", // "a,"
"ê" => "\xea", // "e,"
"æ" => "\xe6", // "c`"
"ñ"=> "\xf1", // "n`"
"¿"=> "\xbf", // "z."
"¥" => "\xa5", // "A,"
"Æ" => "\xc6", // "C`"
"¯" => "\xaf", // "Z."
"Ê" => "\xca", // "E,"
"ó"=> "\xf3", // "o`"
"Ó"=> "\xd3", // "O`"
"£" => "\xa3", // "L-"
"Ñ"=> "\xd1" // "N`"
);
return strtr(htmlentities($str), $trans);
}
?>
mail at britlinks dot com
19-May-2004 06:27
19-May-2004 06:27
similar to cedric at shift-zone dot be's function, this 'cleans up' text from MS Word, and other non-alphanumeric characters to their valid [X]HTML counterparts
<?php
// strips slashes, and converts special characters to HTML equivalents for string defined in $var
function htmlfriendly($var,$nl2br = false){
$chars = array(
128 => '€',
130 => '‚',
131 => 'ƒ',
132 => '„',
133 => '…',
134 => '†',
135 => '‡',
136 => 'ˆ',
137 => '‰',
138 => 'Š',
139 => '‹',
140 => 'Œ',
142 => 'Ž',
145 => '‘',
146 => '’',
147 => '“',
148 => '”',
149 => '•',
150 => '–',
151 => '—',
152 => '˜',
153 => '™',
154 => 'š',
155 => '›',
156 => 'œ',
158 => 'ž',
159 => 'Ÿ');
$var = str_replace(array_map('chr', array_keys($chars)), $chars, htmlentities(stripslashes($var)));
if($nl2br){
return nl2br($var);
} else {
return $var;
}
}
?>
cedric at shift-zone dot be
04-May-2004 03:02
04-May-2004 03:02
This is a conversion function for special chars.
Very usefull to convert a word document into valid html
(the html provided is successfully parsed by sablotron 0.97 using iso-8859-1 charset) :
<?php
function convertDoc2HTML($txt){
$len = strlen($txt);
$res = "";
for($i = 0; $i < $len; ++$i) {
$ord = ord($txt{$i});
// check only non-standard chars
if($ord >= 126){
$res .= "&#".$ord.";";
}
else {
// escape ", ' and \ chars
switch($ord){
case 34 :
$res .= "\\\"";
break;
case 39 :
$res .= "\'";
break;
case 92 :
$res .= "\\\\";
break;
default : // the rest does not have to be modified
$res .= $txt{$i};
}
}
}
return $res;
}
?>
jake_mcmahon at hotmail dot com
29-Apr-2004 11:29
29-Apr-2004 11:29
This fuction is particularly useful against XSS (cross-site-scripting-). XSS makes use of holes in code, whether it be in Javascript or PHP. XSS often, if not always, uses HTML entities to do its evil deeds, so this function in co-operation with your scripts (particularly search or submitting scripts) is a very useful tool in combatting "H4X0rz".
Guillaume Beaulieu
11-Apr-2004 11:10
11-Apr-2004 11:10
Here's a simple script to transform filename with accented character in it into much more usable unaccented character for a restrictive filesystem.
<?php
$string = htmlentities($stringToModify);
/* Take the first letter of the entity (if you got filename with ([<>] in it the result will probably remain lookable*/
$string = preg_replace("/\&(.)[^;]*;/", "\\1", $string);
/* Change the whitespace into _*/
$string = preg_replace("/[ ]/", "_", $string);
/* Dance ! */
print $string;
?>
Funky Ants
04-Apr-2004 09:55
04-Apr-2004 09:55
I had a problem working with partially html encoded data, with a selection of unescaped ampersands, hex coded, and characters in "&", style.
Which ive finally overcome by decoding all of the data, adn then reincoding it all.
I found a combination of a couple of peoples work useful.
<?php
function get_htmlspecialchars( $given, $quote_style = ENT_QUOTES ){
return htmlentities( unhtmlentities( $given ) , $quote_style );
}
function unhtmlentities( $string ){
$trans_tbl = get_html_translation_table ( HTML_ENTITIES );
$trans_tbl = array_flip( $trans_tbl );
$ret = strtr( $string, $trans_tbl );
return preg_replace( '/&#(\d+);/me' , "chr('\\1')" , $ret );
}
?>
wwb at 3dwargamer dot net
01-Apr-2004 02:49
01-Apr-2004 02:49
htmlentites is a very handy function, but it fails to fix one thing which I deal with alot: word 'smart' quotes and emdashes.
The below function replaces the funky double quotes with ", funky single quotes with standard single quotes and fixes emdashes.
<?php
function CleanupSmartQuotes($text)
{
$badwordchars=array(
chr(145),
chr(146),
chr(147),
chr(148),
chr(151)
);
$fixedwordchars=array(
"'",
"'",
'"',
'"',
'—'
);
return str_replace($badwordchars,$fixedwordchars,$text);
}
?>
Julien CROUZET
27-Nov-2003 09:01
27-Nov-2003 09:01
If you are looking for a htmlentities inverse :
<?php
$table = array_flip(get_html_translation_table(HTML_ENTITIES));
$plaintext = strtr($html, $table);
?>
Here is a full example to extract plaintext from a SIMPLE html page (not table, etc...)
<?php
$file_content = file_get_contents($htmlfile);
$file_content = strip_tags($file_content, '<br>');
$file_content = preg_replace('/<br( )?(\/)?>/i', "\n", $file_content);
$file_content = wordwrap($file_content);
$table = array_flip(get_html_translation_table(HTML_ENTITIES));
$file_content = strtr($file_content, $table);
?>
dmurphy at telegeography dot com
19-Sep-2003 08:14
19-Sep-2003 08:14
<?php
// htmlentities() does not support Mac Roman, so this is a workaround. It requires the below table.
// This function runs on a Mac OSX machine, where text is stored in the Mac Roman character set inside a Mac OSX MySQL table.
function custom_htmlentities ($string, $table) {
// Loop throught the array, replacing each ocurrance
for ($n = 0; $n < count($table); $n++) {
$table_line = each($table);
// use the chr function to get the one character string for each ascii decimal code
$find_char = chr($table_line[key]);
$replace_string = $table_line[value];
$string = str_replace($find_char, $replace_string, $string);
}
return $string;
}
?>
defrostdj at defrostdj dot com
25-Jul-2003 09:10
25-Jul-2003 09:10
Here you have a character map function ;)
<?php
function htmldecode($encoded, $char = 'HTML_SPECIALCHARS') {
foreach($encoded as $key => $value){
echo $value .' --> ';
if ($char == 'HTML_SPECIALCHARS') {
echo htmlspecialchars($value);
} else {
echo htmlentities($value);
}
echo '>br<';
}
}
echo 'ENTITIES<>br<><>br<>';
$entities = get_html_translation_table (HTML_ENTITIES);
htmldecode($entities, 'HTML_ENTITIES');
echo '<>br<>SPECIAL CHARACTERS<>br<><>br<>';
$specialchars = get_html_translation_table (HTML_SPECIALCHARS);
htmldecode($specialchars, 'HTML_SPECIALCHARS');
?>
So next time you're developing you'll always have a charmap ready to use.
Anthony Aragues
24-Jun-2003 01:24
24-Jun-2003 01:24
I found in a previous not the function for encoding the input... which worked great, but it also encoded the   and <br> that was being automatically added in my POST, so I created and Output function to go with it that worked for me:
<?php
function VerbatimInput($String)
{
$Output = mysql_escape_string(htmlentities(addslashes($String)));
return $Output;
}
function VerbatimOutput($Input)
{
$Output = str_replace("<br />", "<br>", "$Input");
$Output = str_replace("&nbsp;", " ", "$Output");
return $Output;
}
?>
rob at neorosa dot com
01-Mar-2003 05:12
01-Mar-2003 05:12
This function will encode everything, either using ascii values or special entities:
<?php
function encode_everything($string){
$encoded = "";
for ($n=0;$n<strlen($string);$n++){
$check = htmlentities($string[$n],ENT_QUOTES);
$string[$n] == $check ? $encoded .= "&#".ord($string[$n]).";" : $encoded .= $check;
}
return $encoded;
}
?>
so you can use:
<?php $emailAddress = encode_everything($emailAddress); ?>
to protect an email address - although I imagine it's not a great deal of protection.
Bassie (:
06-Jan-2003 01:07
06-Jan-2003 01:07
Note that you'll have use htmlentities() before any other function who'll edit text like nl2br().
If you use nl2br() first, the htmlentities() function will change < br > to <br>.