PHP
Last updated: Fri, 22 Aug 2008

htmlentities

(PHP 4, PHP 5)

htmlentities - Convert all applicable characters to HTML entities

Description

string htmlentities ( string $string [, int $quote_style [, string $charset [, bool $double_encode ]]] )

This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.

If you're wanting to decode instead (the reverse) you can use html_entity_decode().

Parameters

string

The input string.

quote_style

Like htmlspecialchars(), the optional second quote_style parameter lets you define what will be done with 'single' and "double" quotes. It takes on one of three constants with the default being ENT_COMPAT:

Available quote_style constants
Constant Name | Description
ENT_COMPAT | Will convert double-quotes and leave single-quotes alone.
ENT_QUOTES | Will convert both double and single quotes.
ENT_NOQUOTES | Will leave both double and single quotes unconverted.

charset

Like htmlspecialchars(), it takes an optional third argument charset which defines character set used in conversion. Presently, the ISO-8859-1 character set is used as the default.

The following character sets are supported in PHP 4.3.0 and later.

Supported charsets
Charset | Aliases | Description
ISO-8859-1 | ISO8859-1 | Western European, Latin-1
ISO-8859-15 | ISO8859-15 | Western European, Latin-9. Adds the Euro sign, French and Finnish letters missing in Latin-1 (ISO-8859-1).
UTF-8 | | ASCII compatible multi-byte 8-bit Unicode.
cp866 | ibm866, 866 | DOS-specific Cyrillic charset. This charset is supported in 4.3.2.
cp1251 | Windows-1251, win-1251, 1251 | Windows-specific Cyrillic charset. This charset is supported in 4.3.2.
cp1252 | Windows-1252, 1252 | Windows specific charset for Western European.
KOI8-R | koi8-ru, koi8r | Russian. This charset is supported in 4.3.2.
BIG5 | 950 | Traditional Chinese, mainly used in Taiwan.
GB2312 | 936 | Simplified Chinese, national standard character set.
BIG5-HKSCS | | Big5 with Hong Kong extensions, Traditional Chinese.
Shift_JIS | SJIS, 932 | Japanese
EUC-JP | EUCJP | Japanese

Note: Any other character sets are not recognized and ISO-8859-1 will be used instead.

double_encode

When double_encode is turned off PHP will not encode existing html entities. The default is to convert everything.

Return Values

Returns the encoded string.

ChangeLog

Version | Description
5.2.3 | The double_encode parameter was added.
4.1.0 | The charset parameter was added.
4.0.3 | The quote_style parameter was added.

Examples

Example #1 A htmlentities() example

<?php
$str = "A 'quote' is <b>bold</b>";

// Outputs: A 'quote' is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str);

// Outputs: A &#039;quote&#039; is &lt;b&gt;bold&lt;/b&gt;
echo htmlentities($str, ENT_QUOTES);
?>
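
The effect of quote_style on a single-quoted attribute, as an added example that is not part of the manual: it renders one constructed value under each of the three constants and parses the result with DOMDocument to list the attributes an HTML parser sees. The helper names render_field() and attributes_seen() and the sample value are assumptions made for this illustration.

```php
<?php
// Added example, not from the PHP manual. render_field() and attributes_seen()
// are hypothetical helpers; the sample value is constructed.

// Render a text field whose value attribute is delimited by single quotes.
function render_field($value, $quote_style)
{
    // Charset is passed explicitly so the result does not depend on the default.
    $escaped = htmlentities($value, $quote_style, 'UTF-8');
    return "<input name='data' type='text' value='" . $escaped . "'>";
}

// Parse the markup and return attribute name => value for the first <input>.
function attributes_seen($html)
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);   // keep parser warnings quiet
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $seen = array();
    $input = $doc->getElementsByTagName('input')->item(0);
    if ($input !== null) {
        foreach ($input->attributes as $attr) {
            $seen[$attr->name] = $attr->value;
        }
    }
    return $seen;
}

// Constructed input: a single quote followed by text shaped like another attribute.
$value = "x' title='added by the value";

$styles = array(
    'ENT_COMPAT'   => ENT_COMPAT,
    'ENT_QUOTES'   => ENT_QUOTES,
    'ENT_NOQUOTES' => ENT_NOQUOTES,
);

foreach ($styles as $label => $quote_style) {
    $html  = render_field($value, $quote_style);
    $attrs = attributes_seen($html);

    // The value stayed data only if the parser sees exactly the three
    // attributes the template wrote and the value round-trips unchanged.
    $names = array_keys($attrs);
    sort($names);
    $intact = $names === array('name', 'type', 'value')
        && $attrs['value'] === $value;

    echo $label, "\n";
    echo '  markup:     ', $html, "\n";
    echo '  attributes: ', implode(', ', array_keys($attrs)), "\n";
    echo '  value kept as data: ', ($intact ? 'yes' : 'no'), "\n";
}
?>
```

ENT_COMPAT and ENT_NOQUOTES leave the single quote untouched, so the value ends the attribute early; output placed in single-quoted attributes needs ENT_QUOTES.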



User Contributed Notes
paulkievits at hotmail dot com
08-Aug-2008 06:53
A little correction to my previous message (much to my own embarrassment). The function should be as follows:

<?php

function htmlizeArray(&$txtArray) {
    if (is_array($txtArray)) {
        foreach ($txtArray as $key => &$val) {
            htmlizeArray($val);
        }
    }
    else {
        $txtArray = htmlentities($txtArray);
    }
}

?>
anotheruser at example dot com
03-Aug-2008 05:12
This looping function below is useful to disable html in user generated content (message board posts, webpage-based chat clients, etc).  And, so far, it's worked fine alone for sanitizing user input for database storage.  "htmlize_text" here preserves keys and works on recursive arrays.

<?php

$_GET = htmlize_text($_GET);
$_POST = htmlize_text($_POST);

function htmlizeArray(&$txtArray) {
    if (is_array($txtArray)) {
        foreach ($txtArray as $key => $val) {
            htmlizeArray($val);
        }
    }
    else {
        htmlentities($txtArray);
    }
}

?>
snevi at im dot com dot ve
22-Jul-2008 10:10
Correction to my previous post and improvement of the function (the post was changed by the HTML parser and the characters display as they should not):

<?php
    function XMLEntities($string)
    {
        $string = preg_replace('/[^\x09\x0A\x0D\x20-\x7F]/e', '_privateXMLEntities("$0")', $string);
        return $string;
    }

    function _privateXMLEntities($num)
    {
        $chars = array(
            128 => '&#8364;',
            130 => '&#8218;',
            131 => '&#402;',
            132 => '&#8222;',
            133 => '&#8230;',
            134 => '&#8224;',
            135 => '&#8225;',
            136 => '&#710;',
            137 => '&#8240;',
            138 => '&#352;',
            139 => '&#8249;',
            140 => '&#338;',
            142 => '&#381;',
            145 => '&#8216;',
            146 => '&#8217;',
            147 => '&#8220;',
            148 => '&#8221;',
            149 => '&#8226;',
            150 => '&#8211;',
            151 => '&#8212;',
            152 => '&#732;',
            153 => '&#8482;',
            154 => '&#353;',
            155 => '&#8250;',
            156 => '&#339;',
            158 => '&#382;',
            159 => '&#376;');
        $num = ord($num);
        return (($num > 127 && $num < 160) ? $chars[$num] : "&#".$num.";" );
    }
?>

In the previous post, to correct the HEX values that are not rendered, the program used a foreach cycle, but that introduces a major complexity in execution time. So we use the ability to call functions in the preg_replace second parameter, and create another function that evaluates the ord of the character given; if it is between 127 and 160 it returns the modified HEX value, to be understood by the browser and not break the XML.
(This works with dynamic XML generated from PHP with dynamic data from any source.)

P.S.: the '&'(&) should appear in this post as a single ampersand character and not as the HTML entity.
keenskelly at gmail dot com
10-Jul-2008 02:00
Correction to my previous post: the set of ENTITY declarations must be inside a <!DOCTYPE element; also &nbsp; is NOT pre-defined in XML and must be left in the entity list. I also extended the list with the windows 1252 character set using a sample function borrowed from php.net user comments and extended with euro entity which we need for our app. Here is the final code that is in our production app:

<?php

// Generate a list of entity declarations from the HTML_ENTITIES set that PHP knows about to dump into the document
function htmlentities_entities() {
        $output = "<!DOCTYPE html [\n";
        foreach (get_html_translation_table_CP1252(HTML_ENTITIES) as $value) {
                $name = substr($value, 1, strlen($value) - 2);
                switch ($name) {
                        // These ones we can skip because they're built into XML
                        case 'gt':
                        case 'lt':
                        case 'quot':
                        case 'apos':
                        case 'amp': break;
                        default: $output .= "<!ENTITY {$name} \"&{$name};\">\n";
                }
        }
        $output .= "]>\n";
        return($output);
}

// ref: http://php.net/manual/en/function.get-html-translation-table.php#76564
function get_html_translation_table_CP1252($type) {
        $trans = get_html_translation_table($type);
        $trans[chr(130)] = '&sbquo;';    // Single Low-9 Quotation Mark
        $trans[chr(131)] = '&fnof;';    // Latin Small Letter F With Hook
        $trans[chr(132)] = '&bdquo;';    // Double Low-9 Quotation Mark
        $trans[chr(133)] = '&hellip;';    // Horizontal Ellipsis
        $trans[chr(134)] = '&dagger;';    // Dagger
        $trans[chr(135)] = '&Dagger;';    // Double Dagger
        $trans[chr(136)] = '&circ;';    // Modifier Letter Circumflex Accent
        $trans[chr(137)] = '&permil;';    // Per Mille Sign
        $trans[chr(138)] = '&Scaron;';    // Latin Capital Letter S With Caron
        $trans[chr(139)] = '&lsaquo;';    // Single Left-Pointing Angle Quotation Mark
        $trans[chr(140)] = '&OElig;';    // Latin Capital Ligature OE
        $trans[chr(145)] = '&lsquo;';    // Left Single Quotation Mark
        $trans[chr(146)] = '&rsquo;';    // Right Single Quotation Mark
        $trans[chr(147)] = '&ldquo;';    // Left Double Quotation Mark
        $trans[chr(148)] = '&rdquo;';    // Right Double Quotation Mark
        $trans[chr(149)] = '&bull;';    // Bullet
        $trans[chr(150)] = '&ndash;';    // En Dash
        $trans[chr(151)] = '&mdash;';    // Em Dash
        $trans[chr(152)] = '&tilde;';    // Small Tilde
        $trans[chr(153)] = '&trade;';    // Trade Mark Sign
        $trans[chr(154)] = '&scaron;';    // Latin Small Letter S With Caron
        $trans[chr(155)] = '&rsaquo;';    // Single Right-Pointing Angle Quotation Mark
        $trans[chr(156)] = '&oelig;';    // Latin Small Ligature OE
        $trans[chr(159)] = '&Yuml;';    // Latin Capital Letter Y With Diaeresis
        $trans['euro'] = '&euro;';    // euro currency symbol
        ksort($trans);
        return $trans;
}

?>
keenskelly at gmail dot com
08-Jul-2008 02:23
So here's something fun: if you create an XML document in PHP and use htmlentities() to encode text data, then later want to read and parse the same document with PHP's xml_parse(), unless you include entity declarations into the generated document, the parser will stop on the unknown entities.

To account for this, I created a small function to take the translation table and turn it into XML <!ENTITY> definitions. I insert this output into the XML document immediately after the <?xml?> line and the parse errors magically vanish:

// Generate a list of entity declarations from the HTML_ENTITIES set that PHP knows about to dump into the document
function htmlentities_entities() {
        $output = '';
        foreach (get_html_translation_table(HTML_ENTITIES) as $value) {
                $name = substr($value, 1, strlen($value) - 2);
                switch ($name) {
                        // These ones we can skip because they're built into XML
                        case 'nbsp':
                        case 'gt':
                        case 'lt':
                        case 'quot':
                        case 'apos':
                        case 'amp': break;
                        default: $output .= "<!ENTITY {$name} \"&{$name};\">\n";
                }
        }
        return($output);
}
anju at mycompany dot com
25-Jun-2008 04:32
The example below was very helpful. I was trying to make an rss feed for the data which comes from various sources. Thanks Cameron.

cameron at prolifique dot com
http://www.prolifique.com/entities.php.txt
silverquick at gmail dot com
18-Jun-2008 07:22
@vicrry at yahoo dot com
This function does encode *non-breaking* spaces to &nbsp;, but normal spaces are not equivalent to &nbsp;.
nacho dot exr at gmail dot com
23-May-2008 07:25
For the <mat at matinfo dot ch> function 'convertLatin1ToHtml'

a performance improvement: use strtr instead of str_replace:

    foreach ($html_entities as $key => $value) {
        $str = str_replace($key, $value, $str);
    }

goes to:

$str = strtr($str,$html_entities);

that's all ;)
eric at tillandsia dot nl
14-May-2008 04:06
I don't know, but I get a lot of warnings about unknown html entities when I use the function:

htmlentities($str,HTML_ENTITIES,'UTF-8')

The function below works fine for me, just a replacement by a decimal coding.
A str_replace for each possible latin character in a string as in an earlier example using a hash table is slowing down the script, because you go through the string for each latin character again. In the example below, you will go through it only once.

function parseXMLcoding($string)
{
    if ( strlen($string) == 0 )
        return $string;

    $string = preg_split("//", $string, -1, PREG_SPLIT_NO_EMPTY);

    for ( $i = 0; $i < count($string); $i++ )
    {
        $dec = ord($string[$i]);

        if ( $dec > 127 )
            $string[$i] = '&#' . $dec . ';';
    }

    return implode('',$string);
}
vicrry at yahoo dot com
25-Apr-2008 01:33
my code has been like this ugly all the time:

echo nl2br( str_replace(' ','&nbsp;', htmlentities( $string ) ) );

it would be great if this function has the option to encode spaces to &nbsp;(s), because it's also among the html special char equivalents.
mat at matinfo dot ch
22-Apr-2008 03:34
Hi,

Below is a method to convert UTF-8 Latin-1 characters to HTML entities.
I created this to translate strings with HTML elements in them, where I just want to convert entities.

function convertLatin1ToHtml($str) {
    $html_entities = array (
        "&" =>  "&amp;",     #ampersand  
        "á" =>  "&aacute;",     #latin small letter a
        "Â" =>  "&Acirc;",     #latin capital letter A
        "â" =>  "&acirc;",     #latin small letter a
        "Æ" =>  "&AElig;",     #latin capital letter AE
        "æ" =>  "&aelig;",     #latin small letter ae
        "À" =>  "&Agrave;",     #latin capital letter A
        "à" =>  "&agrave;",     #latin small letter a
        "Å" =>  "&Aring;",     #latin capital letter A
        "å" =>  "&aring;",     #latin small letter a
        "Ã" =>  "&Atilde;",     #latin capital letter A
        "ã" =>  "&atilde;",     #latin small letter a
        "Ä" =>  "&Auml;",     #latin capital letter A
        "ä" =>  "&auml;",     #latin small letter a
        "Ç" =>  "&Ccedil;",     #latin capital letter C
        "ç" =>  "&ccedil;",     #latin small letter c
        "É" =>  "&Eacute;",     #latin capital letter E
        "é" =>  "&eacute;",     #latin small letter e
        "Ê" =>  "&Ecirc;",     #latin capital letter E
        "ê" =>  "&ecirc;",     #latin small letter e
        "È" =>  "&Egrave;",     #latin capital letter E
... sorry cutting because limitation of php.net ...
... but the principle is it ;) ...
        "û" =>  "&ucirc;",     #latin small letter u
        "Ù" =>  "&Ugrave;",     #latin capital letter U
        "ù" =>  "&ugrave;",     #latin small letter u
        "Ü" =>  "&Uuml;",     #latin capital letter U
        "ü" =>  "&uuml;",     #latin small letter u
        "Ý" =>  "&Yacute;",     #latin capital letter Y
        "ý" =>  "&yacute;",     #latin small letter y
        "ÿ" =>  "&yuml;",     #latin small letter y
        "Ÿ" =>  "&Yuml;",     #latin capital letter Y
    );

    foreach ($html_entities as $key => $value) {
        $str = str_replace($key, $value, $str);
    }
    return $str;
}
za at byza dot it
16-Apr-2008 01:15
Trouble when using files with different charset?

htmlentities and html_entity_decode can be used to translate between charset!

Sample function:

function utf2latin($text) {
   $text=htmlentities($text,ENT_COMPAT,'UTF-8');
   return html_entity_decode($text,ENT_COMPAT,'ISO-8859-1');
}
richard at aggmedia dot net
13-Mar-2008 12:32
From SR:

> There's no sane reason to use htmlentities() instead
> of htmlspecialchars(). As long as you specify the charset
> of a page with a Content-Type meta in the head of a
> page (which you should ALWAYS do in the first place),
> escaping all characters is completely pointless and will
> only grow the size of your page. Only the special HTML
> characters (<, >, &, etc.) need to be escaped, which is
> exactly what htmlspecialchars() does

This is inaccurate and unhelpful.

There are many cases where you would want to convert a UTF-8 (or other) encoded string into appropriate HTML entity representations, as well as being just good practice to use more compatible entities instead of embedded character encodings.

One such example is when using JavaScript for string manipulation, which doesn't support character sets and thus does not respect the UTF-8 BOM. By converting to full entities, JavaScript works with the entity text instead of byte codes.

So long as the developer understands what is happening with encoding and how character sets work, they should make their own call on which function they need to use.
sitefr at gmail dot com
26-Feb-2008 06:51
@ iraiscoming [AT] g m a i l [DOT] com

To encode chars like "'", "\", "?", etc. you could also use the function rawurlencode();

 - R
rafael at phpit dot com dot br
26-Jan-2008 01:27
Looking forward to make an htmlentities that substitutes everything but tags, I've made a solution that goes against "olito24 at gmx dot de" proposed snippet...

Here it goes!

<?php

function htmlButTags($str) {
        // Take all the html entities
        $caracteres = get_html_translation_table(HTML_ENTITIES);
        // Find out the "tags" entities
        $remover = get_html_translation_table(HTML_SPECIALCHARS);
        // Spit out the tags entities from the original table
        $caracteres = array_diff($caracteres, $remover);
        // Translate the string....
        $str = strtr($str, $caracteres);
        // And that's it!
        return $str;
    }

?>

Any improvement will be much appreciated! :)
iraiscoming [AT] g m a i l [DOT] com
23-Jan-2008 06:29
As "realcj at g mail dt com" wrote in a comment for flashentities, here's an "extension" for reading wordpress cookies and using the addresses and e-mails in them:

<?php
function wp_entities($string, $encode = 0){

$a = (int) $encode;
$original = array("&","'",":","/","@");
$entities = array("%26","%27","%3A","%2F","%40");

if($a == 1)
    return str_replace($original, $entities, $string);
else
    return str_replace($entities, $original, $string);
}

?>
Just set the second argument to 1 (int) to make the function act the opposite way. :)
Hope it will be useful!
TKVLPUAIBSDB at spammotel dot com
14-Nov-2007 09:11
Yet another "help paste from MS Word" function. Characters from ISO-8859-1 charset are left in peace, while entities are built for non-standard characters from Windows CP1252.

function win1252toIso( $string ) {
    // These chars seem to be not contained
    // in php's CP1252 translation table
    static $extensions = array(
        142 => "&Zcaron;",
        158 => "&zcaron;"
    );
    // Go through string and decide char by char:
    // "leave as is or build entity?"
    $newStr = "";
    for( $i=0; $i < strlen( $string ); $i++ ) {
        $ord = ord( $string[$i] );
        if ( in_array( $ord, array_keys( $extensions ) ) ) {
            // build entity using extra translation table
            $newStr .= $extensions[$ord];
        }
        else {
            // build entity using php's translation table
            // or leave as is
            $newStr .= ( $ord > 127 && $ord < 160 ) ?
                htmlentities( $string[$i], ENT_NOQUOTES, "CP1252" )
                : $string[$i];
        }
    }
    return $newStr;
}
SR
16-Oct-2007 04:57
There's no sane reason to use htmlentities() instead of htmlspecialchars(). As long as you specify the charset of a page with a Content-Type meta in the head of a page (which you should ALWAYS do in the first place), escaping all characters is completely pointless and will only grow the size of your page. Only the special HTML characters (<, >, &, etc.) need to be escaped, which is exactly what htmlspecialchars() does.
marktpitman at gmail dot com
15-Oct-2007 11:21
I just thought I would add that if you're using the default charset, htmlentities will not correctly return the trademark ( ™ ) sign.

Instead it will return something like this: �

If you need the trademark symbol, use:

htmlentities( $html, ENT_QUOTES, "UTF-8" );
Anonymous Coward
09-Oct-2007 10:29
Another version of the xml special characters string conversion, this one also takes care of ascii chars in range 128 to 255

$asc2uni = Array();
for($i=128;$i<256;$i++){
  $asc2uni[chr($i)] = "&#x".dechex($i).";";
}

function XMLStrFormat($str){
    global $asc2uni;
    $str = str_replace("&", "&amp;", $str);
    $str = str_replace("<", "&lt;", $str);
    $str = str_replace(">", "&gt;", $str);
    $str = str_replace("'", "&apos;", $str);
    $str = str_replace("\"", "&quot;", $str);
    $str = str_replace("\r", "", $str);
    $str = strtr($str,$asc2uni);
    return $str;
}
ferrettinico at gmail dot com
04-Oct-2007 01:13
Hi, from some machines (Mac for example), when submitting a form, characters with accents get the wrong encoding.

For example: í -> &Atilde;&shy instead of &iacute;
halocastle at yahoo dot com
04-Sep-2007 06:03
Okay, so maybe this SHOULD be posted under Urlencode, but there's more talk of foiling XSS attacks here than there, so…

Be VERY careful validating submitted data not to miss something.  By that I mean EVERYTHING passed in the $_POST array, including keys (the names of the form fields themselves) is susceptible to XSS attacks.  Any hack can add whatever they want to your form and submit it to your script:

<input type="hidden" name="<script>alert('…the form_fields_NAMES can get you, too!');</script>" value="We all validate form_field_VALUES, but…">

Step one of course is to adopt a sensible naming convention for your form fields, to wit: name="always_lower_case" (underscores do NOT get encoded because they are valid URL characters).  So, you should never find a "%" in one of your form field NAMES.  Here's what I do:

foreach($_POST as $key => $val) {
  // scrubbing the field NAME...
  if(preg_match('/%/', urlencode($key)*)) die('FATAL::XSS hack attempt detected. Your IP has been logged.');
  // okay, got here, now scrubbing the field VALUE...
  [ scrub $val here by using htmlentities or a custom replacement function ];
  ...;
}

* %3Cscript%3Ealert%28%27%85the+form_fields_NAMES+can+get+you%...

P.S. Yes, remove the asterisk!
Ashus
28-Jun-2007 04:36
This should basically protect the mail addresses on webpages:

<?php

function InsertMail($mail)
    {
    if ($mail=='') return '';
    $mail = str_replace(array('@',':','.'), array('&#064;','&#058;','&#046;'), $mail);
    $mail = '<a href=mailto&#058;'.$mail.'>'.$mail.'</a>';
    $len = strlen($mail);
    $i=0;
    while($i<$len)
        {
        $c = mt_rand(1,4);
        $par[] = (substr($mail, $i, $c));
        $i += $c;
        }
    $join = implode('"+ "', $par);

    return '<script language=javascript>
    <!--
    document.write("'.$join.'")
    //-->
    </script>';
    }

echo InsertMail ('user@example.com');

?>

Prints a javascript, that joins a bunch of randomly long substrings (1-4) of hyperlink prefix mailto and email address, considering that the chars . : and @ are replaced by html entities. It should work just fine.
Justin
16-Jun-2007 01:21
In response to soapergem at gmail dot com 10-May-2006 02:14 - If any of you are attempting to use this or anything else to foil XSS attacks, test this or any other function out _first_ before you put it into a development environment. To test out if you think your code will pass, just visit http://www.gnucitizen.org/xssdb/application.htm for some potential attacks. After doing this myself it is apparent that just simply using htmlspecialchars is sufficient.
D. Gasser
25-Apr-2007 02:40
When using UTF-8 as charset, you'll have to set UTF-8 in braces, otherwise the variable is not recognized.
ghoffman at salientdigital dot com
04-Apr-2007 03:17
If you are looking for a comprehensive visual list of entities check here:
http://www.w3schools.com/tags/ref_entities.asp
q (dot) rendeiro (at) gmail (dot) com
07-Mar-2007 09:41
I've seen lots of functions to convert all the entities, but I needed to do a fulltext search in a db field that had named entities instead of numeric entities (edited by tinymce), so I searched the tinymce source and found a string with the value->entity mapping. So, I wrote the following function to encode the user's query with named entities.

The string I used is different from the original, because I didn't want to convert ' or ". The string is too long, so I had to cut it. To get the original check TinyMCE source and search for nbsp or other entity ;)

<?php

$entities_unmatched = explode(',', '160,nbsp,161,iexcl,162,cent, [...] ');
$even = 1;
foreach($entities_unmatched as $c) {
    if($even) {
        $ord = $c;
    } else {
        $entities_table[$ord] = $c;
    }
    $even = 1 - $even;
}

function encode_named_entities($str) {
    global $entities_table;
   
    $encoded_str = '';
    for($i = 0; $i < strlen($str); $i++) {
        $ent = @$entities_table[ord($str[$i])];
        if($ent) {
            $encoded_str .= "&$ent;";
        } else {
            $encoded_str .= $str[$i];
        }
    }
    return $encoded_str;
}

?>
realcj at g mail dt com
07-Nov-2006 03:41
If you are building a loadvars page for Flash and have problems with special chars such as " & ", " ' " etc, you should escape them for flash:

Try trace(escape("&")); in flash' actionscript to see the escape code for &;

% = %25
& = %26
' = %27

<?php
function flashentities($string){
return str_replace(array("&","'"),array("%26","%27"),$string);
}
?>

Those are the two that concerned me. YMMV.
chuck at broker[remove]bin dot com
01-Nov-2006 10:33
/*
replaces everything but
alphanumeric
tab
newline
carriage return
*/
function allhtmlentities($string,$decode_first=true) {
    // this is to ensure that any entities already coded are not "messed up"
    if($decode_first) $string = html_entity_decode($string);
    // "encode"
    return preg_replace('/([^\x09\x0A\x0D\x20-\x7F]|[\x21-\x2F]|[\x3A-\x40]|[\x5B-\x60])/e'
          , '"&#".ord("$0").";"', $string);
}
eric.wallet at yahoo.fr
26-Sep-2006 08:57
function htmlnumericentities($str){
  return preg_replace('/[^!-%\x27-;=?-~ ]/e', '"&#".ord("$0").chr(59)', $str);
}

function numericentitieshtml($str){
  return utf8_encode(preg_replace('/&#(\d+);/e', 'chr(str_replace(";","",str_replace("&#","","$0")))', $str));
}

echo (htmlnumericentities ("Ceci est un test : & é $ à ç <"));
echo ("<br/>\n");
echo (numericentitieshtml (htmlnumericentities ("Ceci est un test : & é $ à ç <")));

Output is :
Ceci est un test : &#38; &#233; $ &#224; &#231; &#60;<br/>
Ceci est un test : & é $ à ç <

First method converts characters to decimal values.
Second will reverse the problem !!!
lorenzo masetti at libero it
09-Aug-2006 12:44
I think I found a bug in the makeSafeEntities procedure. I don't know why, but if the string has a special character as the last one (e.g. 'liberté') the result will be truncated ('libert').
I solved it by adding and taking away a blank at the end of the string; it is not the most elegant solution but it works.
This is the part that I changed in the original code that is at http://www.prolifique.com/entities.php.txt

<?php
function makeSafeEntities($str, $convertTags = 0, $encoding = "") {
 if (is_array($arrOutput = $str)) {
   foreach (array_keys($arrOutput) as $key)
     $arrOutput[$key] = makeSafeEntities($arrOutput[$key],$encoding);
   return $arrOutput;
   }
 else if (!empty($str)) {
     $str .= " ";
   $str = makeUTF8($str,$encoding);
   $str = mb_convert_encoding($str,"HTML-ENTITIES","UTF-8");
   $str = makeAmpersandEntities($str);
   if ($convertTags)
     $str = makeTagEntities($str);
   $str = correctIllegalEntities($str);
   return substr($str, 0, strlen($str)-1);
   }
 }
?>
daviscabral[arroba]gmail[ponto]com
29-Jul-2006 04:52
unhtmlentities for all entities:

<?php

function unhtmlentities ($string) {
   $trans_tbl1 = get_html_translation_table (HTML_ENTITIES);
   foreach ( $trans_tbl1 as $ascii => $htmlentitie ) {
       $trans_tbl2[$ascii] = '&#'.ord($ascii).';';
   }
   $trans_tbl1 = array_flip ($trans_tbl1);
   $trans_tbl2 = array_flip ($trans_tbl2);
   return strtr (strtr ($string, $trans_tbl1), $trans_tbl2);
}

?>
info at pirandot dot de
22-Jul-2006 11:14
Unfortunately, there are differences between what is shown in the preview window and what is shown on the web site; thus, the extreme number of backslashes in my former note.

The corrected note:

The data returned by a text input field is ready to be used in a data base query when enclosed in single quotes, e.g.
<?php
   mysql_query ("SELECT * FROM Article WHERE id = '$data'");
?>
But you will get problems when writing back this data into the input field's value,
<?php
   echo "<input name='data' type='text' value='$data'>";
?>
because html codes would be interpreted and escape sequences would cause strange output.

The following function may help:
<?php
function deescape ($s, $charset='UTF-8')
{
   //  don't interpret html codes and don't convert quotes
   $s = htmlentities ($s, ENT_NOQUOTES, $charset);

   //  delete the inserted backslashes except those for protecting single quotes
   $s = preg_replace ("/\\\\([^'])/e", '"&#" . ord("$1") . ";"', $s);

   //  delete the backslashes inserted for protecting single quotes
   $s = str_replace ("\\'", "&#" . ord ("'") . ";", $s);

   return $s;
}
?>
Try some input like:  a'b"c\d\'e\"f\\g&x#27;h  to test ...
soapergem at gmail dot com
11-May-2006 03:14
A quick revision to my last comment. For some reason, leaving the control characters in the safe range seemed to screw things up. So instead, using this function will do what everybody else here is trying to do, but it will do so in a single line:

<?php
$text = preg_replace('/[^\x09\x0A\x0D\x20-\x7F]/e', '"&#".ord($0).";"', $text);
?>
cameron at prolifique dot com
11-May-2006 03:01
I've been asked why I assembled such intricate functions to convert to entities when I could use a very simple solution (like the one offered by soapergem below). The biggest reason is that the PHP htmlentities function and most of the other solutions listed below go haywire on multi-byte strings.

In addition, the entire range of numbered entities from &#129; through &#159; are invalid characters, and should not be used (as noted by mail at britlinks dot com below). Most htmlentity functions also do not convert ampersands or pointy brackets (<>) to entities. The ones that do often reconvert existing entities (&amp; becomes &amp;amp;).
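
A code-point based version of the numeric-entity encoders posted in these notes, as an added example that is not from any commenter or from the library linked above: it uses preg_replace_callback() with the /u modifier instead of the /e modifier, so each UTF-8 character becomes one entity and no matched text is evaluated as code. The function name numeric_entities() is an assumption, the code needs PHP 7.2 or later with mbstring for mb_ord(), and the sample strings are constructed.

```php
<?php
// Added example, not from the notes on this page. numeric_entities() is a
// hypothetical name; requires PHP >= 7.2 (mb_ord) with the mbstring extension.
// Save this file as UTF-8 so the literal sample below is UTF-8 encoded.

function numeric_entities($text, $input_charset = 'UTF-8')
{
    // Normalise to UTF-8 first so that one character is one code point.
    // Windows-1252 bytes 0x80-0x9F become their real code points here
    // (for example 0x80 becomes U+20AC) instead of &#128;-&#159;.
    if (strcasecmp($input_charset, 'UTF-8') !== 0) {
        $text = mb_convert_encoding($text, 'UTF-8', $input_charset);
    }

    // Refuse byte sequences that are not valid UTF-8 rather than guessing.
    if (!mb_check_encoding($text, 'UTF-8')) {
        return false;
    }

    // Match the markup-significant ASCII characters plus everything outside
    // tab, LF, CR and printable ASCII. /u makes the pattern work on whole
    // UTF-8 characters, not single bytes.
    $pattern = '/[&<>"\']|[^\x09\x0A\x0D\x20-\x7E]/u';

    return preg_replace_callback(
        $pattern,
        function ($match) {
            // The match is passed as data; nothing is evaluated as PHP code.
            return '&#' . mb_ord($match[0], 'UTF-8') . ';';
        },
        $text
    );
}

// Constructed samples: label => array(text, charset of the text).
$samples = array(
    'UTF-8 text'        => array("liberté & <b>€</b>", 'UTF-8'),
    'Windows-1252 text' => array("price: \x80 5 \x93quoted\x94", 'Windows-1252'),
    'invalid UTF-8'     => array("bad \xC3\x28 bytes", 'UTF-8'),
);

foreach ($samples as $label => $sample) {
    list($text, $charset) = $sample;
    $encoded = numeric_entities($text, $charset);
    echo $label, ': ',
        ($encoded === false ? '(rejected: not valid UTF-8)' : $encoded), "\n";
}
?>
```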
cameron at prolifique dot com
06-May-2006 09:02
I've been dissatisfied with all the solutions I've yet seen for converting text into html entities, which all seem to have some drawback or another. So I wrote my own, borrowing heavily from other code posted on this site.

http://www.prolifique.com/entities.php.txt

makeSafeEntities() should take any text, convert it from the specified charset into UTF-8, then replace all inappropriate characters with appropriate (and legal) character entities, returning generic ISO-8859 HTML text. Should NOT reconvert any entities already in the text.

makeAllEntities() does the same, but converts the entire string to entities. Useful for obscuring email addresses (in a lame but nonetheless somewhat effective way).

Suggestions for improvement welcome!
soapergem at gmail dot com
30-Apr-2006 03:53
Here's another version of that "allhtmlentities" function that an anonymous user posted in the last comment, only this one would be significantly more efficient. Again, this would convert anything that has an ASCII value higher than 127.

<?php
function allhtmlentities($string)
{
return preg_replace('/[^\x00-\x7F]/e', '"&#".ord("$0").";"', $string);
}
?>
anonymous
27-Apr-2006 04:38
This function will encode anything that is non Standard ASCII (that is, that is above #127 in the ascii table)

// allhtmlentities : mainly based on "chars_encode()"  by Tim Burgan <timburgan@gmail.com> [http://www.php.net/htmlentities]
function allhtmlentities($string) {
    if ( strlen($string) == 0 )
        return $string;
    $result = '';
    $string = htmlentities($string, HTML_ENTITIES);
    $string = preg_split("//", $string, -1, PREG_SPLIT_NO_EMPTY);
    $ord = 0;
    for ( $i = 0; $i < count($string); $i++ ) {
        $ord = ord($string[$i]);
        if ( $ord > 127 ) {
            $string[$i] = '&#' . $ord . ';';
        }
    }
    return implode('',$string);
}
eion at bigfoot dot com
21-Feb-2006 09:54
Many people below talk about using
<?php
    mb_convert_encoding($s,'HTML-ENTITIES','UTF-8');
?>
to convert non-ascii code into html-readable stuff.  Due to my webserver being out of my control, I was unable to set the database character set, and whenever PHP made a copy of my $s variable that it had pulled out of the database, it would convert it to nasty latin1 automatically and not leave it in its beautiful UTF-8 glory.

So [insert korean characters here] turned into ?????.

I found myself needing to pass by reference (which of course is deprecated/nonexistent in recent versions of PHP)
so instead of
<?php
    mb_convert_encoding(&$s,'HTML-ENTITIES','UTF-8');
?>
which worked perfectly until I upgraded, so I had to use
<?php
    call_user_func_array('mb_convert_encoding', array(&$s,'HTML-ENTITIES','UTF-8'));
?>

Hope it helps someone else out
Bartek
01-Feb-2006 07:06
I use this function to convert input from MS Word into html (ascii) compatible output. I hope it would work also for you.

I have enabled magic_quotes on my server so maybe you won't need stripslashes and addslashes.
I've also noticed that Opera 8.51 browser behaves somehow different from IE 6 and Firefox 1.5. I haven't checked this function with other browsers.

<?php
function convert_word_to_ascii($string)
{
    $string = stripslashes($string);

    if ( stristr($_SERVER['HTTP_USER_AGENT'], "Opera") )
    $search = array('&#8216;',
                chr(96),
                '&#8217;',
                '&#8222;',
                '&#8221;',
                '&#8220;',
                '&#8230;',
                '&#8211;');

    if ( stristr($_SERVER['HTTP_USER_AGENT'], "Firefox") || stristr($_SERVER['HTTP_USER_AGENT'], "MSIE") )
    $search = array(chr(145),
                chr(146),
                chr(96),
                chr(132),
                chr(147),
                chr(148),
                chr(133),
                chr(150));

    $replace = array(    "'",
     &nbs