Using Special HTML Characters for Other Purposes - PHP

In this third part of a five-part series on strings and regular expressions in PHP, you will learn how to convert strings to and from HTML, and more. This article is excerpted from chapter nine of the book Beginning PHP and Oracle: From Novice to Professional, written by W. Jason Gilmore and Bob Bryla (Apress; ISBN: 1590597702).

TABLE OF CONTENTS:

By: Apress Publishing

Poor Best

Rating:

/ 2

July 01, 2010

print this article

SEARCH DEV SHED

TOOLS YOU CAN USE

Several characters play a dual role in both markup languages and the human language. When used in the latter fashion, these characters must be converted into their displayable equivalents. For example, an ampersand must be converted to&, whereas a greater-than character must be converted to >. Thehtmlspecialchars()function can do this for you, converting the following characters into their compatible equivalents. Its prototype follows:

string htmlspecialchars(string str [, int quote_style [, string charset]])

The list of characters thathtmlspecialchars()can convert and their resulting formats follow:

&becomes&
"(double quote) becomes "
'(single quote) becomes '
<becomes <
>becomes >

This function is particularly useful in preventing users from entering HTML markup into an interactive Web application, such as a message board.

The following example converts potentially harmful characters usinghtmlspecialchars():

<?php
$input = "I just can't get <<enough>> of PHP!";
echo htmlspecialchars($input);
?>

Viewing the source, you’ll see the following:

--------------------------------------------
I just can't get <<enough>> of PHP &amp!
--------------------------------------------

If the translation isn’t necessary, perhaps a more efficient way to do this would be to usestrip_tags(), which deletes the tags from the string altogether.

Tip If you are usinggethtmlspecialchars()in conjunction with a function such asnl2br(), you should executenl2br()aftergethtmlspecialchars(); otherwise, the<br />tags that are generated withnl2br()will be converted to visible characters.

Converting Text into Its HTML Equivalent

Usingget_html_translation_table()is a convenient way to translate text to its HTML equivalent, returning one of the two translation tables (HTML_SPECIALCHARSorHTML_ENTITIES). Its prototype follows:

array get_html_translation_table(int table [, int quote_style])

This returned value can then be used in conjunction with another predefined function,strtr()(formally introduced later in this section), to essentially translate the text into its corresponding HTML code.

The following sample usesget_html_translation_table()to convert text to HTML:

<?php
    $string = "La pasta é il piatto piú amato in Italia";
    $translate = get_html_translation_table(HTML_ENTITIES);
    echo strtr($string, $translate);
?>

This returns the string formatted as necessary for browser rendering:

--------------------------------------------
La pasta é il piatto pi&úacute; amato in Italia
--------------------------------------------

Interestingly,array_flip()is capable of reversing the text-to-HTML translation and vice versa. Assume that instead of printing the result ofstrtr()in the preceding code sample, you assign it to the variable$translated_string.

The next example usesarray_flip()to return a string back to its original value:

<?php
    $entities = get_html_translation_table(HTML_ENTITIES);
    $translate = array_flip($entities);
    $string = "La pasta é il piatto piú amato in Italia";
    echo strtr($string, $translate);
?>

This returns the following:

--------------------------------------------
La pasta é il piatto piú amato in italia
--------------------------------------------

Next: Creating a Customized Conversion List >>