htmlentities:
htmlentities() in php is used to encode the regular html tag to html entities, Whenever we allow users to submit content to the website , we must keep our visitors away from the html coding of our website. Just remember, that when allowing users to submit content to your site you are also giving them access to your website. Be sure you take the proper precautions.
It is always better to use htmlentities to convert regular text into html entities. htmlentities funciton takes the html coding and converts into html entities. For example <tag> will be converted to <tag>
This function has following parameters:
ENT_COMPAT: Converts double quotes and leave single quotes
ENT_QUOTES: Converts double quotes and single quotes
ENT_NOQUOTES: Leave double quotes and single quotes.
Example:
<html>
<body>
<?php
$var="\"Rose\" and 'India'";
echo htmlentities($var,ENT_COMPAT)."<BR/>";
echo htmlentities($var,ENT_QUOTES)."<BR/>";
echo htmlentities($var,ENT_NOQUOTES)."<BR/>";
?>
</body>
</html>
Output:
"Rose" and 'India'
"Rose" and 'India'
"Rose" and 'India'
If you check the source code from browser, you would get following output:
<html> <body> "Rose" and 'India'<BR/>"Rose" and 'India'<BR/>"Rose" and 'India'<BR/></body> </html>