htmlspecialchars

FunctionParams changed in PHP 8.1

Convert special characters to HTML entities.

PHP 5
PHP 7.0
Improved
PHP 7.1-7.4
PHP 8.0
Improved
PHP 8.1
Improved
PHP 8.2
PHP 8.3-8.4
PHP 8.5
PHP 8.6

htmlspecialchars Function synopsis

htmlspecialchars(
    string $string,
    int $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401,
    ?string $encoding = null,
    bool $double_encode = true
  ): string

Parameters

$string

Typestring

The string being converted.

$flags

OptionalTypeintDefault valueENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401

A bitmask of one or more of the following flags, which specify how to handle quotes, invalid code unit sequences and the used document type. The default is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.

$flags accepts one or a bitmask of the following constant values:

$encoding

OptionalType?stringDefault valuenull

For the purposes of this function, the encodings ISO-8859-1, ISO-8859-15, UTF-8, cp866, cp1251, cp1252, and KOI8-R are effectively equivalent, provided the $string itself is valid for the encoding, as the characters affected by htmlspecialchars occupy the same positions in all of these encodings.

$double_encode

OptionalTypeboolDefault valuetrue

When $double_encode is turned off PHP will not encode existing html entities, the default is to convert everything.

Return value

Typestring

The converted string.

If the input $string contains an invalid code unit sequence within the given $encoding an empty string will be returned, unless either the ENT_IGNORE or ENT_SUBSTITUTE flags are set.

Changes to the htmlspecialchars Function

PHP 8.1

  • Parameter default value changed for position #2 ($flags): ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401
  htmlspecialchars(
      string $string,
-     int $flags = ENT_COMPAT,
+     int $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401,
      ?string $encoding = null,
      bool $double_encode = true
    ): string

PHP 8.0

  • Return type added: string
  • Parameter type added for parameter #1 ($string): string
  • Parameter name of parameter #2 changed: $quote_style to $flags
  • Parameter type added for parameter #2 ($flags): int
  • Parameter default value added for position #2 ($flags): ENT_COMPAT
  • Parameter type added for parameter #3 ($encoding): ?string
  • Parameter default value added for position #3 ($encoding): null
  • Parameter type added for parameter #4 ($double_encode): bool
  • Parameter default value added for position #4 ($double_encode): true
  htmlspecialchars(
-     $string,
+     string $string,
-     $quote_style,
+     int $flags = ENT_COMPAT,
-     $encoding,
+     ?string $encoding = null,
-     $double_encode
+     bool $double_encode = true
-   )
+   ): string

PHP 7.0

  • Parameter name of parameter #3 changed: $charset to $encoding
  htmlspecialchars(
      $string,
      $quote_style,
-     $charset,
+     $encoding,
      $double_encode
    )

htmlspecialchars Function Availability

PHP VersionAvailability
PHP 8.6Upcoming Release Yes
PHP 8.5Supported (Latest) Yes
PHP 8.4Supported Yes
PHP 8.3Supported Yes
PHP 8.2Security-Fixes Only Yes
PHP 8.1Security-Fixes Only Yes
PHP 8.0Unsupported Yes
PHP 7.4Unsupported Yes
PHP 7.3Unsupported Yes
PHP 7.2Unsupported Yes
PHP 7.1Unsupported Yes
PHP 7.0Unsupported Yes
PHP 5.6Unsupported Yes
PHP 5.5Unsupported Yes
PHP 5.4Unsupported Yes
PHP 5.3Unsupported Yes