htmlencode vs htmlspecialchars
3 posts by 2 authors in: Forums > CMS Builder
Last Post: November 7, 2023
By KennyH - November 6, 2023
I can't remember the exact reason for using htmlencode. Is it the same as using htmlspecialchars?
<?= htmlspecialchars($contact_usRecord['email']) ?>
vs
<?= htmlencode($contact_usRecord['email']) ?>
Do they perform the same functions?
By Dave - November 6, 2023
Hi Kenny,
Yes, but with some extra options, it's actually equivalent to this:
htmlspecialchars($contact_usRecord['email'], ENT_QUOTES|ENT_SUBSTITUTE|ENT_HTML5, 'UTF-8')
That was just a lot to type each time so we wrote a shortcut function. Here's what the options do:
- ENT_QUOTES // encode ' as &apos;. Only matters if your output is in a single-quoted attribute, e.g.: <input value='$var'>
- ENT_SUBSTITUTE // replace invalid UTF-8 chars with � instead of returning empty string, so a single invalid char doesn't blank out your string
- ENT_HTML5 // encode as HTML 5
- UTF-8 // Encode as UTF-8 (in case php.ini default_charset is set to something else)
Hope that helps, let me know any other questions.
interactivetools.com
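The effect of the flags listed above, as an added example that is not part of the original post and not interactivetools' own code. The function names `html_encode_demo` and `html_encode_compat` and the sample values are assumptions made for illustration. Flags are passed explicitly in both functions so the comparison does not depend on the default flags of the PHP version in use.

```php
<?php
// Hypothetical stand-in for the shortcut described in the thread:
// htmlspecialchars() with the three flags and the explicit charset.
function html_encode_demo(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Comparison case (hypothetical name): double quotes only, HTML 4.01
// entities, no substitution of invalid bytes.
function html_encode_compat(string $value): string
{
    return htmlspecialchars($value, ENT_COMPAT | ENT_HTML401, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    // A single quote inside a value destined for <input value='...'>.
    'single quote'  => "a@example.com' title='injected",
    // Byte 0xE9 is "é" in ISO-8859-1 but is not valid UTF-8 on its own.
    'invalid UTF-8' => "caf\xE9@example.com",
];

foreach ($samples as $label => $raw) {
    $compat = html_encode_compat($raw);
    $full   = html_encode_demo($raw);

    echo "== $label ==\n";
    // Without ENT_QUOTES the single quote is left as-is, so the value
    // can end the single-quoted attribute early. Without ENT_SUBSTITUTE
    // one invalid byte blanks the whole string.
    echo "compat: <input value='" . $compat . "'>\n";
    echo "full:   <input value='" . $full . "'>\n";
    echo "compat returned empty string: " . var_export($compat === '', true) . "\n";
    echo "full contains a raw single quote: "
        . var_export(strpos($full, "'") !== false, true) . "\n\n";
}
```

Run it from the command line with `php` and compare the two `<input>` lines printed for each sample.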
By KennyH - November 7, 2023
Fantastic! I knew it was something like that, I just couldn't remember why and I vaguely remember when you introduced it.
Thanks - KH