PHP HTML Entities
What Are HTML Entities?
“A character entity reference is an SGML construct that references a character of the document character set.”
This is just a fancy way of saying that an HTML entity is a set of characters that stands in for a single character in HTML.
You may already be familiar with some HTML entities and not even know it! If you’ve ever coded HTML before, chances are that you’ve used some of the following HTML entities:
&nbsp; => No break space => “ ”
&copy; => Copyright symbol => “©”
&reg; => Registered trademark symbol => “®”
Do some of those HTML entities look familiar to you? If so, you will notice that you use a set of characters to signify a single HTML representation (my definition of an HTML entity).
Because there are so many HTML entities, I’m not going to list them all for you, but I will refer you to this page instead:
List of XML and HTML character entity references
What Do HTML Entities Do?
HTML entities represent characters as a group of characters. By using the htmlentities function, PHP can automatically convert every character that has an HTML entity equivalent into that entity.
You might be thinking “why do I need to use HTML entities?”. That’s a good question.
When To Use The HTML Entities
Using HTML entities is particularly useful when you allow users to submit information through a form and need to stop visitors from submitting potentially dangerous HTML code that can be harmful to your server or to your visitors. By using the HTML entities function to convert the HTML code into a set of harmless characters, you remove any HTML functionality from the submitted code: the browser displays it as text instead of interpreting it.
In fact, unless you have some specific need, you should ALWAYS use the HTML entities function when allowing users to submit any data to your server.
HTML Entities Example
This simple example will demonstrate how the HTML entities function works:
See the above code? I could not display that simple HTML code (or any of my code examples) to you in your browser if I had not used the HTML entities function. Why?
Because if I had typed the code exactly as you see it above without using HTML entities, your browser would have interpreted the code to display a center aligned paragraph to you.
Using HTML entities, the above code is changed to:
&lt; being the HTML entity for the < symbol and &gt; being the HTML entity for the > symbol.
Again, for a list of HTML entities, visit:
List of XML and HTML character entity references
Quote Styles
Before discussing how to implement the HTML entities function using PHP, let me explain the three different quote styles.
When using the HTML entities function, you can choose how you want the code to interpret single (') and double (") quotes.
There are three different quote styles, and these are:
ENT_COMPAT: This converts double quotes while leaving single quotes alone.
ENT_QUOTES: This converts both double and single quotes.
ENT_NOQUOTES: This will not convert either single or double quotes.
How To Implement HTML Entities Using PHP
Now that you have learned what HTML entities are and the three different quote styles to choose from when using the PHP HTML entities function, we can begin to implement this function into our code.
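$name = "My 'name' is <b>John</b>";
echo htmlentities($name); // default flags; before PHP 8.1 the default quote style is ENT_COMPAT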
The above code would display the following:
My 'name' is &lt;b&gt;John&lt;/b&gt;
Now, we stick with the same example, only we use the ENT_QUOTES quote style:
echo htmlentities($name, ENT_QUOTES);
This time, the code will display:
My &#039;name&#039; is &lt;b&gt;John&lt;/b&gt;
Notice how when we used ENT_QUOTES, the single quotes around the word “name” were replaced.
Now, no matter what potentially harmful HTML code a visitor to your site may submit through a form on your site, it will all be automatically converted to a bunch of harmless characters!
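The quote style decides whether encoded text is safe inside an HTML attribute, not only between tags. The following is an added example, not code from the original page: it encodes one constructed input with each of the three quote styles and reports which raw quote characters survive (the function names encode and survivingQuotes are made up for this illustration, and since PHP 8.1 the default flags already include ENT_QUOTES).

```php
<?php
// Added example (not from the original page). The input string is constructed.
declare(strict_types=1);

/** Encode $value with the given quote style, always treating it as UTF-8. */
function encode(string $value, int $quoteStyle): string
{
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning "".
    return htmlentities($value, $quoteStyle | ENT_SUBSTITUTE, 'UTF-8');
}

/** List the raw quote characters that are still present after encoding. */
function survivingQuotes(string $encoded): array
{
    $left = [];
    if (strpos($encoded, "'") !== false) { $left[] = 'single'; }
    if (strpos($encoded, '"') !== false) { $left[] = 'double'; }
    return $left;
}

$input = "O'Reilly \"Books\" <b>sale</b>"; // constructed sample input

$styles = [
    'ENT_COMPAT'   => ENT_COMPAT,
    'ENT_QUOTES'   => ENT_QUOTES,
    'ENT_NOQUOTES' => ENT_NOQUOTES,
];

foreach ($styles as $name => $flag) {
    $encoded = encode($input, $flag);
    $left = survivingQuotes($encoded);
    printf("%-13s %s\n", $name, $encoded);
    printf("%-13s raw quotes left: %s\n", '', $left ? implode(', ', $left) : 'none');
}

// A raw quote that survives would end an attribute delimited by that same
// quote character, so only the ENT_QUOTES result fits both attribute styles.
$safe = encode($input, ENT_QUOTES);
echo "<input name='q' value='{$safe}'>\n";
echo "<input name=\"q\" value=\"{$safe}\">\n";
```

Encoding of this kind protects the HTML output context only, so apply it where the value is written into the page. Other contexts, such as SQL queries, need their own defenses (prepared statements).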




