君,已阅读到文档的结尾了呢~~
诚信的名言
扫扫二维码,随身浏览文档
手机或平板扫扫即可继续访问
举报该文档为侵权文档。
举报该文档含有违规或不良信息。
反馈该文档无法正常浏览。
举报该文档为重复文档。
推荐理由:
将文档分享至:
分享完整地址
文档地址:
粘贴到BBS或博客
flash地址:
支持嵌入FLASH地址的网站使用
html代码:
&embed src='/DocinViewer-4.swf' width='100%' height='600' type=application/x-shockwave-flash ALLOWFULLSCREEN='true' ALLOWSCRIPTACCESS='always'&&/embed&
450px*300px480px*400px650px*490px
支持嵌入HTML代码的网站使用
您的内容已经提交成功
您所提交的内容需要审核后才能发布,请您等待!
3秒自动关闭窗口Keyboard Shortcuts?
Next menu item
Previous menu item
Previous man page
Next man page
Scroll to bottom
Scroll to top
Goto homepage
Goto search(current page)
Focus search box
Change language:
Brazilian Portuguese
Chinese (Simplified)
htmlentities
htmlentities & Convert all applicable characters to HTML entities
Description
string htmlentities
( string $string
[, int $flags = ENT_COMPAT | ENT_HTML401
[, string $encoding = ini_get(&default_charset&)
[, bool $double_encode = true
If you want to decode instead (the reverse) you can use
Parameters
The input string.
A bitmask of one or more of the following flags, which specify how to handle quotes,
invalid code unit sequences and the used document type. The default is
ENT_COMPAT | ENT_HTML401.
Available flags constants
Constant Name
Description
ENT_COMPAT
Will convert double-quotes and leave single-quotes alone.
ENT_QUOTES
Will convert both double and single quotes.
ENT_NOQUOTES
Will leave both double and single quotes unconverted.
ENT_IGNORE
Silently discard invalid code unit sequences instead of returning
an empty string. Using this flag is discouraged as it
ENT_SUBSTITUTE
Replace invalid code unit sequences with a Unicode Replacement Character
U+FFFD (UTF-8) or &#FFFD; (otherwise) instead of returning an empty string.
ENT_DISALLOWED
Replace invalid code points for the given document type with a
Unicode Replacement Character U+FFFD (UTF-8) or &#FFFD;
(otherwise) instead of leaving them as is. This may be useful, for
instance, to ensure the well-formedness of XML documents with
embedded external content.
ENT_HTML401
Handle code as HTML 4.01.
Handle code as XML 1.
Handle code as XHTML.
Handle code as HTML 5.
An optional argument defining the encoding used when converting characters.
If omitted, the default value of the encoding varies
depending on the PHP version in use. In PHP 5.6 and later, the
configuration
option is used as the default value. PHP 5.4 and 5.5 will use
UTF-8 as the default. Earlier versions of PHP use
ISO-8859-1.
Although this argument is technically optional, you are highly encouraged to
specify the correct value for your code if you are using PHP 5.5 or earlier,
or if your
configuration option may be set incorrectly for the given input.
The following character sets are supported:
Supported charsets
Description
ISO-8859-1
Western European, Latin-1.
ISO-8859-5
Little used cyrillic charset (Latin/Cyrillic).
ISO-8859-15
ISO8859-15
Western European, Latin-9. Adds the Euro sign, French and Finnish
letters missing in Latin-1 (ISO-8859-1).
ASCII compatible multi-byte 8-bit Unicode.
ibm866, 866
DOS-specific Cyrillic charset.
Windows-1251, win-
Windows-specific Cyrillic charset.
Windows specific charset for Western European.
koi8-ru, koi8r
Traditional Chinese, mainly used in Taiwan.
Simplified Chinese, national standard character set.
BIG5-HKSCS
Big5 with Hong Kong extensions, Traditional Chinese.
SJIS, SJIS-win, cp932, 932
EUCJP, eucJP-win
Charset that was used by Mac OS.
''
An empty string activates detection from script encoding (Zend multibyte),
and current
locale (see
), in this order. Not recommended.
Any other character sets are not recognized. The default encoding will be
used instead and a warning will be emitted.
double_encode
When double_encode is turned off PHP will not
encode existing html entities. The default is to convert everything.
Return Values
Returns the encoded string.
If the input string contains an invalid code unit
sequence within the given encoding an empty string
will be returned, unless either the ENT_IGNORE or
ENT_SUBSTITUTE flags are set.
Example #1 A htmlentities() example
&?php$str&=&"A&'quote'&is&&b&bold&/b&";//&Outputs:&A&'quote'&is&&b&bold&/b&echo&htmlentities($str);//&Outputs:&A&'quote'&is&&b&bold&/b&echo&htmlentities($str,&ENT_QUOTES);?&
Example #2 Usage of ENT_IGNORE
&?php$str&=&"\x8F!!!";//&Outputs&an&empty&stringecho&htmlentities($str,&ENT_QUOTES,&"UTF-8");//&Outputs&"!!!"echo&htmlentities($str,&ENT_QUOTES&|&ENT_IGNORE,&"UTF-8");?&
- Convert all HTML entities to their applicable characters
- Returns the translation table used by htmlspecialchars and htmlentities
- Convert special characters to HTML entities
- Inserts HTML line breaks before all newlines in a string
- URL-encodes string
An important note below about using this function to secure your application against Cross Site Scripting (XSS) vulnerabilities.When printing user input in an attribute of an HTML tag, the default configuration of htmlEntities() doesn't protect you against XSS, when using single quotes to define the border of the tag's attribute-value. XSS is then possible by injecting a single quote:&?php$_GET['a'] = "#000' onload='alert(document.cookie)";?&XSS possible (insecure):&?php$href = htmlEntities($_GET['a']);print "&body bgcolor='$href'&"; ?&Use the 'ENT_QUOTES' quote style option, to ensure no XSS is possible and your application is secure:&?php$href = htmlEntities($_GET['a'], ENT_QUOTES);print "&body bgcolor='$href'&"; ?&The 'ENT_QUOTES' option doesn't protect you against javascript evaluation in certain tag's attributes, like the 'href' attribute of the 'a' tag. When clicked on the link below, the given JavaScript will get executed:&?php$_GET['a'] = 'javascript:alert(document.cookie)';$href = htmlEntities($_GET['a'], ENT_QUOTES);print "&a href='$href'&link&/a&"; ?&
I've seen lots of functions to convert all the entities, but I needed to do a fulltext search in a db field that had named entities instead of numeric entities (edited by tinymce), so I searched the tinymce source and found a string with the value-&entity mapping. So, i wrote the following function to encode the user's query with named entities.The string I used is different of the original, because i didn't want to convert ' or ". The string is too long, so I had to cut it. To get the original check TinyMCE source and search for n)&?php$entities_unmatched = explode(',', '160,nbsp,161,iexcl,162,cent, [...] ');$even = 1;foreach($entities_unmatched as $c) {& & if($even) {& & & & $ord = $c;& & } else {& & & & $entities_table[$ord] = $c;& & }& & $even = 1 - $even;}function encode_named_entities($str) {& & global $entities_table;& & & & $encoded_str = '';& & for($i = 0; $i & strlen($str); $i++) {& & & & $ent = @$entities_table[ord($str{$i})];& & & & if($ent) {& & & & & & $encoded_str .= "&$ent;";& & & & } else {& & & & & & $encoded_str .= $str{$i};& & & & }& & }& & return $encoded_str;}?&
html entities does not encode all unicode characters. It encodes what it can [all of latin1], and the others slip through. Љ is the nasty I use. I have searched for a function which encodes everything, but in the end I wrote this. This is as simple as I can get it. Consult an ansii table to custom include/omit chars you want/don't. I'm sure it's not that fast.// Unicode-proof htmlentities. // Returns 'normal' chars as chars and weirdos as numeric html entites.function superentities( $str ){& & // get rid of existing entities else double-escape& & $str = html_entity_decode(stripslashes($str),ENT_QUOTES,'UTF-8'); & & $ar = preg_split('/(?&!^)(?!$)/u', $str );& // return array of every multi-byte character& & foreach ($ar as $c){& & & & $o = ord($c);& & & & if ( (strlen($c) & 1) || /* multi-byte [unicode] */& & & & & & ($o &32 || $o & 126) || /* &- control / latin weirdos -& */& & & & & & ($o &33 && $o & 40) ||/* quotes + ambersand */& & & & & & ($o &59 && $o & 63) /* html */& & & & ) {& & & & & & // convert to numeric entity& & & & & & $c = mb_encode_numericentity($c,array (0x0, 0xffff, 0, 0xffff), 'UTF-8');& & & & }& & & & $str2 .= $c;& & }& & return $str2;}
The following will make a string completely safe for XML:&?phpfunction philsXMLClean($strin) {& & & & $strout = null;& & & & for ($i = 0; $i & strlen($strin); $i++) {& & & & & & & & $ord = ord($strin[$i]);& & & & & & & & if (($ord & 0 && $ord & 32) || ($ord &= 127)) {& & & & & & & & & & & & $strout .= "&#{$ord};";& & & & & & & & }& & & & & & & & else {& & & & & & & & & & & & switch ($strin[$i]) {& & & & & & & & & & & & & & & & case '&':& & & & & & & & & & & & & & & & & & & & $strout .= '&';& & & & & & & & & & & & & & & & & & & && & & & & & & & & & & & & & & & case '&':& & & & & & & & & & & & & & & & & & & & $strout .= '&';& & & & & & & & & & & & & & & & & & & && & & & & & & & & & & & & & & & case '&':& & & & & & & & & & & & & & & & & & & & $strout .= '&';& & & & & & & & & & & & & & & & & & & && & & & & & & & & & & & & & & & case '"':& & & & & & & & & & & & & & & & & & & & $strout .= '&';& & & & & & & & & & & & & & & & & & & && & & & & & & & & & & & & & & & default:& & & & & & & & & & & & & & & & & & & & $strout .= $strin[$i];& & & & & & & & & & & & }& & & & & & & & }& & & & }& & & & return $strout;}?&
When putting values inside comment tags &!-- --& you should replace -- with -- too, as this would end your tag and show the rest of the comment.
If you are building a loadvars page for Flash and have problems with special chars such as " & ", " ' " etc, you should escape them for flash:
Try trace(escape("&")); in flash' actionscript to see the escape code for &;
% = %25
& = %26
' = %27
&?php
function flashentities($string){
return str_replace(array("&","'"),array("%26","%27"),$string);
}
?&
Those are the two that concerned me. YMMV.
htmlentities seems to have changed at some point between version 5.1.6 and 5.3.3, such that it now returns an empty string for anything containing a pound sign:$ php -vPHP 5.1.6 (cli) (built: May 22 :44)$ php -r "echo htmlentities('?hello', null, 'utf-8');"&hello$$ php -vPHP 5.3.3 (cli) (built: Aug 19 :49)$ php -r "echo htmlentities('?hello', null, 'utf-8');"$(Returns an empty string the second time)Just a heads up.
A useful little function to convert the symbols in the different inputs.&?phpfunction ConvertSimbols($var, $ConvertQuotes = 0) {if ($ConvertQuotes & 0) {$var = htmlentities($var, ENT_NOQUOTES, 'UTF-8');$var = str_replace('\"', '', $var);$var = str_replace("\'", '', $var);} else {$var = htmlentities($var, ENT_QUOTES, 'UTF-8');}return $var;}?&Usage with quotes for example message:$message = ConvertSimbols($message);Usage without quotes for example link:$link = ConvertSimbols($link, 1);
The flag ENT_HTML5 also strips newline chars like \n with htmlentities while htmlspecialchars is not affected by that.If you want to use nl2br on that string afterwards you might end up searching the problem like i did. This does not apply to other flags like e.g. ENT_XHTML which confused me.Tested this with PHP 5.4 / 5.5 / 5.6-dev with same results, so it seems that this is an intended "feature".
For use of html& tags, ampersands, etc. in xml document(f.e.&xml&&xmltag1&&span class="data1"& data 1&/span& & data2&/xmltag1&&/xml&)one can use the CDATA brackets:&xmltag1&&![CDATA[&span class="data1"& data 1&/span& & data2]]&&/xmltag1&-rq
I'm glad 5.4 has xml support, but many of us are working with older installations, some of us still have to use PHP4. If you're like me you've been frustrated with trying to use htmlentites/htmlspecial chars with xml output. I was hoping to find an option to force numeric encoding, lacking that, I have written my own xmlencode function, which I now offer:
$string xmlencode( $string )
it will use htmlspecialchars for the valid xml entities amp, quote, lt, gt, (apos) and return the numeric entity for all other non alpha-numeric characters.
-------------------------------------------
if( !function_exists( 'xmlentities' ) ) {
& & function xmlentities( $string ) {
& & & & $not_in_list = "A-Z0-9a-z\s_-";
& & & & return preg_replace_callback( "/[^{$not_in_list}]/" , 'get_xml_entity_at_index_0' , $string );
& & }
& & function get_xml_entity_at_index_0( $CHAR ) {
& & & & if( !is_string( $CHAR[0] ) || ( strlen( $CHAR[0] ) & 1 ) ) {
& & & & & & die( "function: 'get_xml_entity_at_index_0' requires data type: 'char' (single character). '{$CHAR[0]}' does not match this type." );
& & & & }
& & & & switch( $CHAR[0] ) {
& & & & & & case "'":& & case '"':& & case '&':& & case '&':& & case '&':
& & & & & & & & return htmlspecialchars( $CHAR[0], ENT_QUOTES );& &
& & & & & & default:
& & & & & & & & return numeric_entity_4_char($CHAR[0]);& & & & & & & &
& & & & }& & & &
& & }
& & function numeric_entity_4_char( $char ) {
& & & & return "&#".str_pad(ord($char), 3, '0', STR_PAD_LEFT).";";
& & }& &
For those Spanish (and not only) folks, that want their national letters back after htmlentities :)&?phpprotected function _decodeAccented($encodedValue, $options = array()) {& & $options += array(& & & & 'quote'& && =& ENT_NOQUOTES,& & & & 'encoding'& =& 'UTF-8',& & );& & return preg_replace_callback(& & & & '/&\w(acute|uml|tilde);/',& & & & create_function(& & & & & & '$m',& & & & & & 'return html_entity_decode($m[0], ' . $options['quote'] . ', "' .& & & & & & $options['encoding'] . '");'& & & & ),& & & & $encodedValue& & );}?&
Had a heck of a time to get my rss entities right. using htmlentities didn't work and using html_entity_decode didn't work either. Ended up writing a custom function to encode and decode. It might still need some work but I thought to share it because I couldn't find anything on the net. Always open for suggestions to improve it! Here it is:
&?php
& $entity_custom_from = false;
& $entity_custom_to = false;
& function html_entity_decode_encode_rss($data) {
& & global $entity_custom_from, $entity_custom_to;
& & if(!is_array($entity_custom_from) || !is_array($entity_custom_to)){
& & & $array_position = 0;
& & & foreach (get_html_translation_table(HTML_ENTITIES) as $key =& $value) {
& & & & switch ($value) {
& & & & & case '&':
& & & & & &
& & & & & case '&':
& & & & & case '&':
& & & & & case '&':
& & & & & case '&':
& & & & & case '&':
& & & & & & $entity_custom_from[$array_position] = $key;
& & & & & & $entity_custom_to[$array_position] = $value;
& & & & & & $array_position++;
& & & & & &
& & & & & default:
& & & & & & $entity_custom_from[$array_position] = $value;
& & & & & & $entity_custom_to[$array_position] = $key;
& & & & & & $array_position++;
& & & & }
& & & }
& & }
& & return str_replace($entity_custom_from, $entity_custom_to, $data);
& }
?&
Trouble when using files with different charset?
htmlentities and html_entity_decode can be used to translate between charset!
Sample function:
&?php
function utf2latin($text) {
&& $text=htmlentities($text,ENT_COMPAT,'UTF-8');
&& return html_entity_decode($text,ENT_COMPAT,'ISO-8859-1');
}
?&
Hi there,after several and several tests, I figured out that dot:- htmlentities() function remove characters like "à","è",etc when you specify a flag and a charset- htmlentities() function DOES NOT remove characters like those above when you DO NOT specify anythingSo, let's assume that..&?php$str = "Hèèèllooo";$res_1 = htmlentities($str, ENT_QUOTES, "UTF-8");$res_2 = htmlentities($str);echo var_dump($res_1); echo var_dump($res_2); ?&I used this for a textarea content for comments. Anyway, note that using the "$res_2" form the function will leave unconverted single/double quotes. At this point you should use str_replace() function to perform the characters but be careful because..&?php$str = "'Hèèèllooo'";$res_2 = str_replace("'","'",$str);$res_2 = htmlentities($str);echo var_dump($res_2); $res_3 = htmlentities($str);$res_3 = str_replace("'","'",$res_3);echo var_dump($res_3); ?&Hope it will helps you.Regards,W.D.
I use this function to encode all the xml entities and also all the & that are not defined in xml like &You can also decode what you encode with my decode function.My function works a little like the htmlentities.You can also add other string to the array if you want to exclude them from the encoding.&?phpfunction xml_entity_decode($text, $charset = 'Windows-1252'){& & $text = html_entity_decode($text, ENT_COMPAT, $charset);& & $text = html_entity_decode($text, ENT_COMPAT, $charset);& & return $text;}function xml_entities($text, $charset = 'Windows-1252'){& && $text = htmlentities($text, ENT_COMPAT, $charset, false);& & & & $arr_xml_special_char = array("&","&","&","&","&");& & & & $arr_xml_special_char_regex = "(?";& & foreach($arr_xml_special_char as $key =& $value){& & & & $arr_xml_special_char_regex .= "(?!$value)";& & }& & $arr_xml_special_char_regex .= ")";& & & & $pattern = "/$arr_xml_special_char_regex&([a-zA-Z0-9]+;)/";& & & & $replacement = '&${1}';& & return preg_replace($pattern, $replacement, $text);}?&
This fuction is particularly useful against XSS (cross-site-scripting-). XSS makes use of holes in code, whether it be in Javascript or PHP. XSS often, if not always, uses HTML entities to do its evil deeds, so this function in co-operation with your scripts (particularly search or submitting scripts) is a very useful tool in combatting "H4X0rz".
A version of the xml entities function below. This one replaces the "prime" character (′) with which I had difficulties.
&?php
function xmlentities($string) {
&& return str_replace ( array ( '&', '"', "'", '&', '&', '?' ), array ( '&' , '&', '&' , '&' , '&', '&' ), $string );
}
?&
Correction to my previous post: the set of ENTITY declarations must be inside a &!DOCTYPE also & is NOT pre-defined in XML and must be left in the entity list. I also extended the list with the windows 1252 character set using a sample function borrowed from php.net user comments and extended with euro entity which we need for our app. Here is the final code that is in our production app:
function htmlentities_entities() {
& & & & $output = "&!DOCTYPE html [\n";
& & & & foreach (get_html_translation_table_CP1252(HTML_ENTITIES) as $value) {
& & & & & & & & $name = substr($value, 1, strlen($value) - 2);
& & & & & & & & switch ($name) {
& & & & & & & & & & & & case 'gt':
& & & & & & & & & & & & case 'lt':
& & & & & & & & & & & & case 'quot':
& & & & & & & & & & & & case 'apos':
& & & & & & & & & & & & case 'amp':
& & & & & & & & & & & & default: $output .= "&!ENTITY {$name} \"&{$name};\"&\n";
& & & & & & & & }
& & & & }
& & & & $output .= "]&\n";
& & & & return($output);
}
function get_html_translation_table_CP1252($type) {
& & & & $trans = get_html_translation_table($type);
& & & & $trans[chr(130)] = '&';& & $trans[chr(131)] = '&';& & $trans[chr(132)] = '&';& & $trans[chr(133)] = '&';& & $trans[chr(134)] = '&';& & $trans[chr(135)] = '&D';& & $trans[chr(136)] = '&';& & $trans[chr(137)] = '&';& & $trans[chr(138)] = '&S';& & $trans[chr(139)] = '&';& & $trans[chr(140)] = '&OE';& & $trans[chr(145)] = '&';& & $trans[chr(146)] = '&';& & $trans[chr(147)] = '&';& & $trans[chr(148)] = '&';& & $trans[chr(149)] = '&';& & $trans[chr(150)] = '&';& & $trans[chr(151)] = '&';& & $trans[chr(152)] = '&';& & $trans[chr(153)] = '&';& & $trans[chr(154)] = '&';& & $trans[chr(155)] = '&';& & $trans[chr(156)] = '&';& & $trans[chr(159)] = '&Y';& & $trans['euro'] = '&';& & ksort($trans);
& & & & return $trans;
}
[EDIT BY danbrown AT php DOT net: The user's original note contained the following text:
"So here's something fun: if you create an XML document in PHP and use htmlentities() to encode text data, then later want to read and parse the same document with PHP's xml_parse(), unless you include entity declarations into the generated document, the parser will stop on the unknown entities.
To account for this, I created a small function to take the translation table and turn it into XML &!ENTITY& definitions. I insert this output into the XML document immediately after the &?xml?& line and the parse errors magically vanish"
]
I needed a simple little function to take a string and convert extended ascii characters into html entities. I couldn't find a function for this so I whipped one up.&?phpfunction ascii2entities($string){& & for($i=128;$i&=255;$i++){& & & & $entity = htmlentities(chr($i), ENT_QUOTES, 'cp1252');& & & & $temp = substr($entity, 0, 1);& & & & $temp .= substr($entity, -1, 1);& & & & if ($temp != '&;'){& & & & & & $string = str_replace(chr($i), '', $string);& & & & }& & & & else{& & & & & & $string = str_replace(chr($i), $entity, $string);& & & & }& & }& & return $string;}echo ascii2entities("o");?&
Note that as of 5.2.5 it appears that if the input string contains a character that is not valid for the output encoding you've specified, then this function returns null.You might expect it to just strip the invalid char, but it doesn't.You can strip the chars yourself like so:iconv('utf-8','utf-8',$str);You can combine that with htmlentities also:$str = htmlentities(iconv('UTF-8', 'UTF-8//IGNORE', $str, ENT_QUOTES, 'UTF-8');Should give you a string with htmlentities encoded to utf-8, and any unsupported chars stripped.
When happens that you want to encode special characters but not the HTML tags using this function you've two options:a) Build your own function and go
eg.&?php& for($i = 0; $i & strlen($string); $i++){& && switch(substr($string,$i,1)){& & & & } }?&b) use this function and simple restore the html tags afterwards. Which gives you a 6 line function as follow:&?php& function keephtml($string){& & & & & $res = htmlentities($string);& & & & & $res = str_replace("&","&",$res);& & & & & $res = str_replace("&","&",$res);& & & & & $res = str_replace("&",'"',$res);& & & & & $res = str_replace("&",'&',$res);& & & & & return $res;}?&
correction to my previous post and improvement of the function: (the post was changed by the html parser and the characters displays as they should not)
&?php
& & function XMLEntities($string)
& & {
& & & & $string = preg_replace('/[^\x09\x0A\x0D\x20-\x7F]/e', '_privateXMLEntities("$0")', $string);
& & & & return $string;
& & }
& & function _privateXMLEntities($num)
& & {
& & $chars = array(
& & & & 128 =& '€',
& & & & 130 =& '‚',
& & & & 131 =& 'ƒ',
& & & & 132 =& '„',
& & & & 133 =& '…',
& & & & 134 =& '†',
& & & & 135 =& '‡',
& & & & 136 =& 'ˆ',
& & & & 137 =& '‰',
& & & & 138 =& 'Š',
& & & & 139 =& '‹',
& & & & 140 =& 'Œ',
& & & & 142 =& 'Ž',
& & & & 145 =& '‘',
& & & & 146 =& '’',
& & & & 147 =& '“',
& & & & 148 =& '”',
& & & & 149 =& '•',
& & & & 150 =& '–',
& & & & 151 =& '—',
& & & & 152 =& '˜',
& & & & 153 =& '™',
& & & & 154 =& 'š',
& & & & 155 =& '›',
& & & & 156 =& 'œ',
& & & & 158 =& 'ž',
& & & & 159 =& 'Ÿ');
& & & & $num = ord($num);
& & & & return (($num & 127 && $num & 160) ? $chars[$num] : "&#".$num.";" );
& & }
in the previous post, to correct the HEX values that are not rendered, the program use a for each cicle, but that introduces a mayor complexity in execution time, so, we use the ability to call functions in the preg_replace second parameter, and ceate another funcion that evaluates the ord of the character given, and if it is between 127 and 160 it returns the modified HEX value to be understood by the browser and not brake the XML
(this work with dynamic XML generated form php with dynamic data from any source)
p.d: the '&'(&) should appear in this post as a single ampersand character and not as the html entity
I just thought I would add that if you're using the default charset, htmlentities will not correctly return the trademark ( (TM) ) sign.
Instead it will return something like this: ???
If you need the trademark symbol, use:
&?php htmlentities( $html, ENT_QUOTES, "UTF-8" ); ?&
CZECH entities:
&?php
$ent = array(
& & 'ě' =& 'ě',
& & '?' =& 'Ě',
& & '?' =& 'š',
& & '?' =& 'Š',
& & '?' =& 'č',
& & '?' =& 'Č',
& & '?' =& 'ř',
& & '?' =& 'Ř',
& & '?' =& 'ž',
& & '?' =& 'Ž',
& & '?' =& 'ý',
& & '?' =& 'Ý',
& & 'á' =& 'á',
& & '?' =& 'Á',
& & 'í' =& 'í',
& & '?' =& 'Í',
& & 'é' =& 'é',
& & '?' =& 'É',
& & 'ú' =& 'ú',
& & '?' =& 'ů',
& & '?' =& 'Ů',
& & '?' =& 'ď',
& & '?' =& 'Ď',
& & '?' =& 'ť',
& & '?' =& 'Ť',
& & 'ň' =& 'ň',
& & '?' =& 'Ň'
);
echo strtr('ě?????áíéú???ň??????????????', $ent);
?&
When using UTF-8 as charset, you'll have to set UTF-8 in braces, otherwise the varaible is not recognized.
&?php $HTML_ENTS=array("quot", "amp", "apos", "lt", "gt", "nbsp", "iexcl", "cent","pound","curren", "yen", "brvbar", "sect", "uml", "copy", "ordf", "laquo","not", "shy", "reg", "macr", "deg", "plusmn", "sup2", "sup3", "acute","micro", "para", "middot", "cedil", "sup1", "ordm", "raquo", "frac14","frac12", "frac34", "iquest", "Agrave", "Aacute", "Acirc", "Atilde", "Auml","Aring", "AElig", "Ccedil", "Egrave", "Eacute", "Ecirc", "Euml", "Igrave","Iacute", "Icirc", "Iuml", "ETH", "Ntilde", "Ograve", "Oacute", "Ocirc","Otilde", "Ouml", "times", "Oslash", "Ugrave", "Uacute", "Ucirc", "Uuml","Yacute", "THORN", "szlig", "agrave", "aacute", "acirc", "atilde", "auml","aring", "aelig", "ccedil", "egrave", "eacute", "ecirc", "euml", "igrave","iacute", "icirc", "iuml", "eth", "ntilde", "ograve", "oacute", "ocirc","otilde", "ouml", "divide", "oslash", "ugrave", "uacute", "ucirc", "uuml","yacute", "thorn", "yuml", "OElig", "oelig", "Scaron", "scaron", "Yuml","fnof", "circ", "tilde", "Alpha", "Beta", "Gamma", "Delta", "Epsilon","Zeta", "Eta", "Theta", "Iota", "Kappa", "Lambda", "Mu", "Nu", "Xi","Omicron", "Pi", "Rho", "Sigma", "Tau", "Upsilon", "Phi", "Chi", "Psi","Omega", "alpha", "beta", "gamma", "delta", "epsilon", "zeta", "eta","theta", "iota", "kappa", "lambda", "mu", "nu", "xi", "omicron", "pi","rho", "sigmaf", "sigma", "tau", "upsilon", "phi", "chi", "psi", "omega","thetasym", "upsih", "piv", "ensp", "emsp", "thinsp", "zwnj", "zwj", "lrm","rlm", "ndash", "mdash", "lsquo", "rsquo", "sbquo", "ldquo", "rdquo","bdquo", "dagger", "Dagger", "bull", "hellip", "permil", "prime", "Prime","lsaquo", "rsaquo", "oline", "frasl", "euro", "image", "weierp", "real","trade", "alefsym", "larr", "uarr", "rarr", "darr", "harr", "crarr", "lArr","uArr", "rArr", "dArr", "hArr", "forall", "part", "exist", "empty", "nabla","isin", "notin", "ni", "prod", "sum", "minus", "lowast", "radic", "prop","infin", "ang", "and", "or", "cap", "cup", "int", "there4", "sim", "cong","asymp", "ne", "equiv", "le", "ge", "sub", "sup", "nsub", "sube", "supe","oplus", "otimes", "perp", "sdot", "lceil", "rceil", "lfloor","rfloor", "lang", "rang", "loz", "spades", "clubs", "hearts", "diams");$HTML_TAGS=array("a", "abbr", "acronym", "address", "applet", "b", "basefont","bdo", "big", "blockquote", "br", "button", "caption", "center", "cite","code", "col", "colgroup", "dd", "del", "dfn", "dir", "div", "dl", "dt", "em","embed", "fieldset", "font", "h1", "h2", "h3", "h4", "h5", "h6", "hr", "i","iframe", "img", "ins", "kbd", "legend", "li", "menu", "noembed", "noscript","object", "ol", "p", "param", "pre", "q", "s", "samp", "script", "small","span", "strike", "strong", "sub", "sup", "table", "tbody", "td", "tfoot","th", "thead", "title", "tr", "tt", "u", "ul", "var");$Xchars = array( 128 =& '€', 130 =& '‚', 131 =& 'ƒ', 132 =& '„', 133 =& '…', 134 =& '†', 135 =& '‡', 136 =& 'ˆ', 137 =& '‰', 138 =& 'Š', 139 =& '‹', 140 =& 'Œ', 142 =& 'Ž', 145 =& '‘', 146 =& '’', 147 =& '“', 148 =& '”', 149 =& '•', 150 =& '–', 151 =& '—', 152 =& '˜', 153 =& '™', 154 =& 'š', 155 =& '›', 156 =& 'œ', 158 =& 'ž', 159 =& 'Ÿ');?&
under what circumstances would someone want a ntilde [?] to be converted into "?±" as htmlentities does?the correct method of translation should return the accurate NCR for the multibyte unicode sequence which in this case is ñ&?php& & class unicode_replace_entities {& & & & public function UTF8entities($content="") { & & & & & & $contents = $this-&unicode_string_to_array($content);& & & & & & $swap = "";& & & & & & $iCount = count($contents);& & & & & & for ($o=0;$o&$iCount;$o++) {& & & & & & & & $contents[$o] = $this-&unicode_entity_replace($contents[$o]);& & & & & & & & $swap .= $contents[$o];& & & & & & }& & & & & & return mb_convert_encoding($swap,"UTF-8"); }& & & & public function unicode_string_to_array( $string ) { $strlen = mb_strlen($string);& & & & & & while ($strlen) {& & & & & & & & $array[] = mb_substr( $string, 0, 1, "UTF-8" );& & & & & & & & $string = mb_substr( $string, 1, $strlen, "UTF-8" );& & & & & & & & $strlen = mb_strlen( $string );& & & & & & }& & & & & & return $array;& & & & }& & & & public function unicode_entity_replace($c) { $h = ord($c{0});& & & & & & & & if ($h &= 0x7F) { & & & & & & & & return $c;& & & & & & } else if ($h & 0xC2) { & & & & & & & & return $c;& & & & & & }& & & & & & & & & & & & if ($h &= 0xDF) {& & & & & & & & $h = ($h & 0x1F) && 6 | (ord($c{1}) & 0x3F);& & & & & & & & $h = "&#" . $h . ";";& & & & & & & & return $h; & & & & & & } else if ($h &= 0xEF) {& & & & & & & & $h = ($h & 0x0F) && 12 | (ord($c{1}) & 0x3F) && 6 | (ord($c{2}) & 0x3F);& & & & & & & & $h = "&#" . $h . ";";& & & & & & & & return $h;& & & & & & } else if ($h &= 0xF4) {& & & & & & & & $h = ($h & 0x0F) && 18 | (ord($c{1}) & 0x3F) && 12 | (ord($c{2}) & 0x3F) && 6 | (ord($c{3}) & 0x3F);& & & & & & & & $h = "&#" . $h . ";";& & & & & & & & return $h;& & & & & & }& & & & }& & }$content = "&strong&ba?o ba?o ba?o&/strong&日本語 = nihongo da ze.&br /&";& & $oUnicodeReplace = new unicode_replace_entities();& & $content = $oUnicodeReplace-&UTF8entities($content);& & echo "&br /&Result:&br /&";& & echo $content;& & $source = htmlentities($content);& & echo "&br /&htmlentities of resulting data:&br /&";& & echo $source;& & echo "&br /&&br /&Note: Entities get replaced with 'literals' in textarea FF3&br /&&br /&";& & echo "&textarea style='width:300height:150'&";& & echo $content;& & echo "&/textarea&";& & & & echo "&br /&&br /&For editing NCR's rather than 'literals' in a textarea&br /&&br /&";& & echo "&textarea style='width:300height:150'&";& & echo preg_replace("/(&#)+/","&#",$content);& & & echo "&/textarea&";?&
If you want something simple that actually works, try this. Strips MS word and other entities and returns a clear data string:
&?php
function DoHTMLEntities ($string) {
& & $trans_tbl[chr(145)] = '‘';
& & $trans_tbl[chr(146)] = '’';
& & $trans_tbl[chr(147)] = '“';
& & $trans_tbl[chr(148)] = '”';
& & $trans_tbl[chr(142)] = '&';
& & $trans_tbl[chr(150)] = '–';
& & $trans_tbl[chr(151)] = '—';
& & return strtr ($string, $trans_tbl);
}
$foo = str_replace("\r\n\r\n","",htmlentities($your_string));
& & & & $foo2 = str_replace("\r\n"," ",$foo);
& & & & $foo3 = str_replace(" & ","&",$foo2);
& & & & echo DoHTMLEntities ($foo3);
?&
unhtmlentities for all entities:&?phpfunction unhtmlentities ($string) {&& $trans_tbl1 = get_html_translation_table (HTML_ENTITIES);&& foreach ( $trans_tbl1 as $ascii =& $htmlentitie ) {& & & & $trans_tbl2[$ascii] = '&#'.ord($ascii).';';&& }&& $trans_tbl1 = array_flip ($trans_tbl1);&& $trans_tbl2 = array_flip ($trans_tbl2);&& return strtr (strtr ($string, $trans_tbl1), $trans_tbl2);}?&
Note that you'll have use htmlentities() before any other function who'll edit text like nl2br().If you use nl2br() first, the htmlentities() function will change & br & to &br&.
Croatian entites
&?php
$ent = array(
& & '?'=&'Ć',
& & '?'=&'ć',
& & '?'=&'Č',
& & '?'=&'č',
& & '?'=&'Đ',
& & '?'=&'đ',
& & '?'=&'Š',
& & '?'=&'š',
& & '?'=&'Ž',
& & '?'=&'ž'
);
echo strtr('??????????', $ent);
?&
A pointer to
if your intention is to translate *all* characters in a charset to their corresponding HTML entities, not just named characters. Non-named characters will be replaced with HTML numeric encoding. eg:$text = mb_convert_encoding($text, 'HTML-ENTITIES', "UTF-8");
use htmlspecialchars() if you are passing in a usual ASCII string.& It is faster than htmlentities().For example, if you are just doing htmlentities('&div style="background: #fff"&&/div&');then you can just use htmlspecialchars().& htmlentities() will look for all possible ways to convert string into html entities, such as & or & (which is e with an acute accent on top).Note that ASCII is just 7 bit, which is 0x00 to 0x7F.& htmlspecialchars() will handle characters inside this range already.& htmlentities() is for the 8-bit Latin-1 (ISO-8859-1) to handle European characters, or for UTF-8 when the 3rd argument is "UTF-8" to handle UTF-8 characters, or other types of encodings using different values for the 3rd argument passed into htmlentities().
The data returned by a text input field is ready to be used in a data base query when enclosed in single quotes, e.g.
&?php
&& mysql_query ("SELECT * FROM Article WHERE id = '$data'");
?&
But you will get problems when writing back this data into the input field's value,
&?php
&& echo "&input name='data' type='text' value='$data'&";
?&
because hmtl codes would be interpreted and escape sequences would cause strange output.
The following function may help:
&?php
function deescape ($s, $charset='UTF-8')
{
&& $s& =& htmlentities ($s, ENT_NOQUOTES, $charset);
&& $s& =& preg_replace ("/\\\\([^'])/e", '"&#" . ord("$1") . ";"', $s);
&& $s& =& str_replace ("\\'", "&#" . ord ("'") . ";", $s);
&& return& $s;
}
?&
Try some input like:& a'b"c\d\'e\"f\\g&x#27;h& to test ...
htmlentites is a very handy function, but it fails to fix one thing which I deal with alot: word 'smart' quotes and emdashes.
The below function replaces the funky double quotes with &, funky single quotes with standard single quotes and fixes emdashes.
&?php
& & function CleanupSmartQuotes($text)
& & {
& & & & $badwordchars=array(
& & & & & & & & & & & & & & chr(145),
& & & & & & & & & & & & & & chr(146),
& & & & & & & & & & & & & & chr(147),
& & & & & & & & & & & & & & chr(148),
& & & & & & & & & & & & & & chr(151)
& & & & & & & & & & & & & & );
& & & & $fixedwordchars=array(
& & & & & & & & & & & & & & "'",
& & & & & & & & & & & & & & "'",
& & & & & & & & & & & & & & '&',
& & & & & & & & & & & & & & '&',
& & & & & & & & & & & & & & '&'
& & & & & & & & & & & & & & );
& & & & return str_replace($badwordchars,$fixedwordchars,$text);
& & }
?&
All Codes listarray('?'=&'&A', 'à'=&'&', '?'=&'&A', 'á'=&'&', '?'=&'&A', '?'=&'&', '?'=&'&A', '?'=&'&', '?'=&'&A', '?'=&'&', '?'=&'&A', '?'=&'&', 'AE'=&'&AE', 'ae'=&'&', '?'=&'&C', '?'=&'&', '?'=&'Ð', '?'=&'&', '?'=&'&E', 'è'=&'&', '?'=&'&E', 'é'=&'&', '?'=&'&E', 'ê'=&'&', '?'=&'&E', '?'=&'&', '?'=&'&I', 'ì'=&'&', '?'=&'&I', 'í'=&'&', '?'=&'&I', '?'=&'&', '?'=&'&I', '?'=&'&', '?'=&'&N', '?'=&'&', '?'=&'&O', 'ò'=&'&', '?'=&'&O', 'ó'=&'&', '?'=&'&O', '?'=&'&', '?'=&'&O', '?'=&'&', '?'=&'&O', '?'=&'&', '?'=&'&O', '?'=&'&', 'OE'=&'&OE', 'oe'=&'&', 'ss'=&'&', '?'=&'Þ', '?'=&'&', '?'=&'&U', 'ù'=&'&', '?'=&'&U', 'ú'=&'&', '?'=&'&U', '?'=&'&', '?'=&'&U', 'ü'=&'&', '?'=&'&Y', '?'=&'&', '?'=&'&Y', '?'=&'&');
here the centralized version of htmlentities() for multibyte.&?phpfunction mb_htmlentities($string){& & $string = htmlentities($string, ENT_COMPAT, mb_internal_encoding());& & return $string;} ?&
This function will encode anything that is non Standard ASCII (that is, that is above #127 in the ascii table)
&?php
function allhtmlentities($string) {
& & if ( strlen($string) == 0 )
& & & & return $string;
& & $result = '';
& & $string = htmlentities($string, HTML_ENTITIES);
& & $string = preg_split("//", $string, -1, PREG_SPLIT_NO_EMPTY);
& & $ord = 0;
& & for ( $i = 0; $i & count($string); $i++ ) {
& & & & $ord = ord($string[$i]);
& & & & if ( $ord & 127 ) {
& & & & & & $string[$i] = '&#' . $ord . ';';
& & & & }
& & }
& & return implode('',$string);
}
?&
