What is the easiest way to Html encode in PHP?
-
5I think he means the php equivalent to the ASP.NET method "htmlencode". It is used to sanatize the input by replacing characters like '<' with <. He doesn't want to strip them away.user456755– user4567552010-09-23 23:40:06 +00:00Commented Sep 23, 2010 at 23:40
Add a comment
|
4 Answers
By encode, do you mean: Convert all applicable characters to HTML entities?
htmlspecialchars or
htmlentities
You can also use strip_tags if you want to remove all HTML tags :
Note: this will NOT stop all XSS attacks
4 Comments
Mathias F
I am not shure which I have to use. I need this to avoid XSS-atacks.
Arkh
Then htmlspecialchars should do the trick. Or use filter_var with the FILTER_SANITIZE_SPECIAL_CHARS filter.
bobince
htmlspecialchars > htmlentities in most cases. HTML entities for non-ASCII characters should be a thing of the past; just use UTF-8 and drop the characters straight in.
Moby M
priority will be for htmlspecialchars in php
Encode.php
<h1>Encode HTML CODE</h1>
<form action='htmlencodeoutput.php' method='post'>
<textarea rows='30' cols='100'name='inputval'></textarea>
<input type='submit'>
</form>
htmlencodeoutput.php
<?php
$code=bin2hex($_POST['inputval']);
$spilt=chunk_split($code,2,"%");
$totallen=strlen($spilt);
$sublen=$totallen-1;
$fianlop=substr($spilt,'0', $sublen);
$output="<script>
document.write(unescape('%$fianlop'));
</script>";
?>
<textarea rows='20' cols='100'><?php echo $output?> </textarea>
You can encode HTML like this .
Comments
Try this:
<?php
$str = "This is some <b>bold</b> text.";
echo htmlspecialchars($str);
?>
1 Comment
mickmackusa
Why "try this"? This is not a very generous/informative answer.
I searched for hours, and I tried almost everything suggested.
This worked for almost every entity :
$input = "āžšķūņrūķīš ○ àéò ∀∂∋ ©€ ♣♦ ↠ ↔↛ ↙ ℜ℞";
echo htmlentities($input, ENT_HTML5 , 'UTF-8');
result :
āžšķūņrūķīš ○ àéò ∀∂∋ ©€ ♣♦ ↠ ↔↛ ↙ ℜ℞rx;
