For HTML you wish to display as plain text, with embedded links and other tags, use htmlentities( ):
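    echo htmlentities('<p>O\'Reilly & Associates</p>');
    // The output below is for the ENT_COMPAT default used before PHP 8.1;
    // from PHP 8.1 on, the default also encodes ' as &#039;

    &lt;p&gt;O'Reilly &amp; Associates&lt;/p&gt;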
PHP has a pair of functions to escape characters in HTML. The most basic is htmlspecialchars( ), which escapes four characters: < > " and &. Depending on optional parameters, it can also translate ' instead of or in addition to ". For more complex encoding, use htmlentities( ); it expands on htmlspecialchars( ) to encode any character that has an HTML entity.
    $html = "<a href=\"fletch.html\">Stew's favorite movie.</a>\n";
    print htmlspecialchars($html);                // double-quotes (ENT_COMPAT, the default before PHP 8.1)
    print htmlspecialchars($html, ENT_QUOTES);    // single- and double-quotes
    print htmlspecialchars($html, ENT_NOQUOTES);  // neither

    &lt;a href=&quot;fletch.html&quot;&gt;Stew's favorite movie.&lt;/a&gt;
    &lt;a href=&quot;fletch.html&quot;&gt;Stew&#039;s favorite movie.&lt;/a&gt;
    &lt;a href="fletch.html"&gt;Stew's favorite movie.&lt;/a&gt;
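The quote flag decides whether an escaped value can be placed safely inside a quoted attribute. The following is an added example, not code from the original recipe: it checks each flag against both quoting styles and passes flags and charset explicitly, because the default changed from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE in PHP 8.1. The helper names h() and delimiterSurvives() and the sample title are made up for illustration.

```php
<?php
// Added example (not from the original recipe). The sample title is constructed.

/** Escape for HTML text or a quoted attribute value, independent of PHP defaults. */
function h(string $value): string
{
    // ENT_QUOTES: encode both ' and ". ENT_SUBSTITUTE: replace invalid byte
    // sequences with U+FFFD instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * True when $quote is still present unescaped after escaping with $flags,
 * meaning the value would end a $quote-delimited attribute early.
 */
function delimiterSurvives(string $value, string $quote, int $flags): bool
{
    return strpos(htmlspecialchars($value, $flags, 'UTF-8'), $quote) !== false;
}

$title = 'Stew\'s "favorite" movie';   // constructed input with both quote kinds
$modes = [
    'ENT_NOQUOTES' => ENT_NOQUOTES,
    'ENT_COMPAT'   => ENT_COMPAT,
    'ENT_QUOTES'   => ENT_QUOTES,
];

// Report, per flag and per attribute quoting style, whether the delimiter leaks.
foreach ($modes as $name => $flags) {
    foreach (["'", '"'] as $quote) {
        printf(
            "%-12s title=%s...%s  %s\n",
            $name,
            $quote,
            $quote,
            delimiterSurvives($title, $quote, $flags) ? 'attribute ends early' : 'ok'
        );
    }
}

// The same helper covers element text and either attribute quoting style.
echo "<a href='fletch.html' title='" . h($title) . "'>" . h($title) . "</a>\n";
```

Only ENT_QUOTES reports ok for both quoting styles; ENT_COMPAT is safe only when the attribute is double-quoted.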
Both functions allow you to pass in a character encoding table that defines what characters map to what entities. To retrieve either table used by the previous functions, use get_html_translation_table( ) and pass in HTML_ENTITIES or HTML_SPECIALCHARS. This returns an array that maps characters to entities; you can use it as the basis for your own table.
    $copyright = "Copyright © 2003 O'Reilly & Associates\n";
    $table = get_html_translation_table();   // get <, >, ", and & (PHP 8.1+ also includes ')
    $table['©'] = '&copy;';                   // add ©
    print strtr($copyright, $table);

    Copyright &copy; 2003 O'Reilly &amp; Associates
See also Recipe 13.9, Recipe 18.21, and Recipe 10.8; documentation on htmlentities( ) at http://www.php.net/htmlentities and htmlspecialchars( ) at http://www.php.net/htmlspecialchars.
Copyright © 2003 O'Reilly & Associates. All rights reserved.