|
|
 |
htmlentities (PHP 3, PHP 4, PHP 5) htmlentities --
Преобразует символы в соответствующие HTML сущности.
Описаниеstring htmlentities ( string string [, int quote_style [, string charset]] )
Эта функция идентична htmlspecialchars() за
исключением того, что htmlentities() преобразует
все символы в соответствющие HTML сущности (для тех символов, для
которых HTML сущности существуют).
Подобно htmlspecialchars(), необязательный
аргумент quote_style позволяет указать способ
обработки 'одиночных' и "двойных" кавычек. Значением этого аргумента
может быть одна из трех следующих констант (по умолчанию
ENT_COMPAT):
Таблица 1. Константы quote_style | Имя константы | Описание |
|---|
| ENT_COMPAT |
Преобразуются двойные кавычки, одиночные остаются без изменений.
| | ENT_QUOTES |
Преобразуются и двойные, и одиночные кавычки.
| | ENT_NOQUOTES |
И двойные, и одиночные кавычки остаются без изменений.
|
Поддержка необязательно аргумента quote_style была
добавлена в PHP 4.0.3.
Подобно htmlspecialchars(), необязательный третий
аргумент charset определяет кодировку,
используемую при преобразовании. Поддержка этого аргумента
была добавлена в PHP 4.1.0. По умолчанию в настоящее время
используется кодировка ISO-8859-1.
Начиная с PHP 4.3.0 поддерживаются следующие кодировки.
Таблица 2. Поддерживаемые кодировки | Кодировка | Псевдонимы | Описание |
|---|
| ISO-8859-1 | ISO8859-1 |
Западно-европейская Latin-1
| | ISO-8859-15 | ISO8859-15 |
Западно-европейская Latin-9. Добавляет знак евро, французские и
финские буквы к кодировке Latin-1(ISO-8859-1).
| | UTF-8 | |
8-битная Unicode, совместимая с ASCII.
| | cp866 | ibm866, 866 |
Кириллическая кодировка, применяемая в DOS.
Поддерживается в версии 4.3.2.
| | cp1251 | Windows-1251, win-1251, 1251 |
Кириллическая кодировка, применяемая в Windows.
Поддерживается в версии 4.3.2.
| | cp1252 | Windows-1252, 1252 |
Западно-европейская кодировка, применяемая в Windows.
| | KOI8-R | koi8-ru, koi8r |
Русская кодировка.
Поддерживается в версии 4.3.2.
| | BIG5 | 950 |
Традиционный китайский, применяется в основном на Тайване.
| | GB2312 | 936 |
Упрощенный китайский, стандартная национальная кодировка.
| | BIG5-HKSCS | |
Расширенная Big5, применяемая в Гонг-Конге.
| | Shift_JIS | SJIS, 932 |
Японская кодировка.
| | EUC-JP | EUCJP |
Японская кодировка.
|
Замечание:
Не перечисленные выше кодировки не поддерживаются, и вместо них
применяется ISO-8859-1.
Для выполнения обратного преобразования используется функция
html_entity_decode().
Пример 1. Пример использования htmlentities() |
<?php
$str = "A 'quote' is <b>bold</b>";
echo htmlentities($str);
echo htmlentities($str, ENT_QUOTES);
?>
|
|
См. также описание функций html_entity_decode(),
get_html_translation_table(),
htmlspecialchars(), nl2br()
и urlencode().
htmlentities
soapergem at gmail dot com
10-May-2006 11:14
A quick revision to my last comment. For some reason, leaving the control characters in the safe range seemed to screw things up. So instead, using this function will do what everybody else here is trying to do, but it will do so in a single line:
<?php
$text = preg_replace('/[^\x09\x0A\x0D\x20-\x7F]/e', '"&#".ord($0).";"', $text);
?>
cameron at prolifique dot com
10-May-2006 11:01
I've been asked why I assembled such intricate functions to convert to entities when I could use a very simple solution (like the one offered by soapergem below). The biggest reason is that the PHP htmlentities function and most of the other solutions listed below go haywire on multi-byte strings.
In addition, the entire range of numbered entities from  through Ÿ are invalid characters, and should not be used (as noted by mail at britlinks dot com below). Most htmlentity functions also do not convert ampersands or pointy brackets (<>) to entities. The ones that do often reconvert existing entities (& becomes &amp;).
cameron at prolifique dot com
05-May-2006 05:02
I've been dissatisfied with all the solutions I've yet seen for converting text into html entities, which all seem to have some drawback or another. So I wrote my own, borrowing heavily from other code posted on this site.
http://www.prolifique.com/entities.php.txt
makeSafeEntities() should take any text, convert it from the specified charset into UTF-8, then replace all inappropriate characters with appropriate (and legal) character entities, returning generic ISO-8859 HTML text. Should NOT reconvert any entities already in the text.
makeAllEntities() does the same, but converts the entire string to entities. Useful for obscuring email addresses (in a lame but nonetheless somewhat effective way).
Suggestions for improvement welcome!
soapergem at gmail dot com
29-Apr-2006 11:53
Here's another version of that "allhtmlentities" function that an anonymous user posted in the last comment, only this one would be significantly more efficient. Again, this would convert anything that has an ASCII value higher than 127.
<?php
function allhtmlentities($string)
{
return preg_replace('/[^\x00-\x7F]/e', '"&#".ord("$0").";"', $string);
}
?>
anonymous
26-Apr-2006 12:38
This function will encode anything that is non Standard ASCII (that is, that is above #127 in the ascii table)
// allhtmlentities : mainly based on "chars_encode()" by Tim Burgan <timburgan@gmail.com> [htmlentities]
function allhtmlentities($string) {
if ( strlen($string) == 0 )
return $string;
$result = '';
$string = htmlentities($string, HTML_ENTITIES);
$string = preg_split("//", $string, -1, PREG_SPLIT_NO_EMPTY);
$ord = 0;
for ( $i = 0; $i < count($string); $i++ ) {
$ord = ord($string[$i]);
if ( $ord > 127 ) {
$string[$i] = '&#' . $ord . ';';
}
}
return implode('',$string);
}
eion at bigfoot dot com
20-Feb-2006 04:54
many people below talk about using
<?php
mb_convert_encode($s,'HTML-ENTITIES','UTF-8');
?>
to convert non-ascii code into html-readable stuff. Due to my webserver being out of my control, I was unable to set the database character set, and whenever PHP made a copy of my $s variable that it had pulled out of the database, it would convert it to nasty latin1 automatically and not leave it in it's beautiful UTF-8 glory.
So [insert korean characters here] turned into ?????.
I found myself needing to pass by reference (which of course is deprecated/nonexistent in recent versions of PHP)
so instead of
<?php
mb_convert_encode(&$s,'HTML-ENTITIES','UTF-8');
?>
which worked perfectly until I upgraded, so I had to use
<?php
call_user_func_array('mb_convert_encoding', array(&$s,'HTML-ENTITIES','UTF-8'));
?>
Hope it helps someone else out
timburgan at gmail dot com
01-Feb-2006 06:39
chars_encode() will, by default, convert ALL non-alpha-numeric and non-space characters in a string to it's ASCII HTML character code (i.e. + to +).
chars_decode() will decode a string encoded by chars_encode().
<?php
function chars_encode($string, $encodeAll = false)
{
$chars = array();
$ent = null;
$chars = preg_split("//", $string, -1, PREG_SPLIT_NO_EMPTY);
for ( $i = 0; $i < count($chars); $i++ )
{
if ( preg_match("/^(\w| )$/",$chars[$i]) && $encodeAll == false )
$ent[$i] = $chars[$i];
else
$ent[$i] = "&#" . ord($chars[$i]) . ";";
}
if ( sizeof($ent) < 1)
return "";
return implode("",$ent);
}
function chars_decode($string)
{
$tok = 0;
$cur = 0;
$chars = null;
while ( $cur < strlen($string) )
{
$tok = strpos($string, "&#", $cur);
if ( $tok === false )
$tok = strlen($string);
if ( preg_match("/^(\w| )$/",substr($string, $cur, 1)) )
{
$chars .= substr($string, $cur, $tok - $cur);
}
else
{
$cur += 2;
$tok = strpos($string, ';', $cur);
$chars .= chr(substr($string, $cur, $tok - $cur));
$tok++;
}
$cur = $tok;
}
return $chars;
}
$string = '<a href="http://timburgan.com" rel="external" title="Go to timburgan.com">Tim Burgan</a>';
$encoded = chars_encode($string);
$decoded = chars_decode($encoded);
echo <<<HEREDOCS
<h4>Original String Output</h4>
{$string}
<hr/>
<h4>Encoded String Output</h4>
{$encoded}
<hr/>
<h4>Decoded String Output</h4>
{$decoded}
HEREDOCS;
?>
Bartek
31-Jan-2006 02:06
I use this function to convert imput from MS Word into html (ascii) compatible output. I hope it would work also for you.
I have enabled magic_quotes on my server so maybe you won't need stripslashes and addslashes.
I've also noticed that Opera 8.51 browses behaves somehow different from IE 6 and Firefox 1.5. I haven't check this functions with other browsers.
<?php
function convert_word_to_ascii($string)
{
$string = stripslashes($string);
if ( stristr($_SERVER['HTTP_USER_AGENT'], "Opera") )
$search = array('‘',
chr(96),
'’',
'„',
'”',
'“',
'…',
'–');
if ( stristr($_SERVER['HTTP_USER_AGENT'], "Firefox") || stristr($_SERVER['HTTP_USER_AGENT'], "MSIE") )
$search = array(chr(145),
chr(146),
chr(96),
chr(132),
chr(147),
chr(148),
chr(133),
chr(150));
$replace = array( "'",
"'",
"'",
'"',
'"',
'"',
'...',
'-');
$new_string = str_replace($search, $replace, $string);
return addslashes($new_string);
};
?>
23-Jan-2006 05:20
Please, don't use htmlentities to avoid XSS! Htmlspecialchars is enough!
If you don't specify the encoding, Latin1 will be used, so there is a problem if someone wants to use your software in a non-English environment.
mailing at jcn50 dot com
20-Jan-2006 10:25
Convert any language (Japanese, French, Chinese, Russian, etc...) to unicode HTML entities like &#XXXX;
In one line!
$new=mb_convert_encoding($s,"HTML-ENTITIES","auto");
where $s is your string (may be a FORM submitted one).
Enjoy~
edo at edwaa dot com
17-Nov-2005 08:48
A version of the xml entities function below. This one replaces the "prime" character () with which I had difficulties.
// XML Entity Mandatory Escape Characters
function xmlentities($string) {
return str_replace ( array ( '&', '"', "'", '<', '>', '' ), array ( '&' , '"', ''' , '<' , '>', ''' ), $string );
}
info at bleed dot ws
14-Oct-2005 10:42
here the centralized version of htmlentities() for multibyte.
<?php
function mb_htmlentities($string)
{
$string = htmlentities($string, ENT_COMPAT, mb_internal_encoding());
return $string;
}
?>
fanfatal at fanfatal dot pl
28-Aug-2005 02:28
I wrote usefull function which is support iso-8859-2 encoding with htmlentities function ;]
<?php
function htmlentities_iso88592($string='') {
$pl_iso = array('ê', 'ó', '±', '¶', '³', '¿', '¼', 'æ', 'ñ', 'Ê', 'Ó', '¡', '¦', '£', '¬', '¯', 'Æ', 'Ñ');
$entitles = get_html_translation_table(HTML_ENTITIES);
$entitles = array_diff($entitles, $pl_iso);
return strtr($string, $entitles);
}
?>
Greatings ;-)
...
webmaster at swirldrop dot com
26-Jul-2005 11:45
To replace any characters in a string that could be 'dangerous' to put in an HTML/XML file with their numeric entities (e.g. é for [e acute]), you can use the following function:
function htmlnumericentities($str){
return preg_replace('/[^!-%\x27-;=?-~ ]/e', '"&#".ord("$0").chr(59)', $str);
};//EoFn htmlnumericentities
To change any normal entities (e.g. €) to numerical entities call:
$str = htmlnumericalentities(html_entity_decode($str));
rbotzer at yahoo dot com
19-Jul-2005 02:10
The existance of html entities such as " inside an xml node causes most xml parsers to throw an error. The following function cleans an input string by converting html entities to valid unicode entities.
<?php
function htmlentities2unicodeentities ($input) {
$htmlEntities = array_values (get_html_translation_table (HTML_ENTITIES, ENT_QUOTES));
$entitiesDecoded = array_keys (get_html_translation_table (HTML_ENTITIES, ENT_QUOTES));
$num = count ($entitiesDecoded);
for ($u = 0; $u < $num; $u++) {
$utf8Entities[$u] = '&#'.ord($entitiesDecoded[$u]).';';
}
return str_replace ($htmlEntities, $utf8Entities, $input);
}
?>
So, an input of
Copyrights © make "me" grin ®
outputs
Copyrights © make "me" grin ®
send at mail dot 2aj dot net
14-Jul-2005 10:03
If you are programming XML documents and are using the htmlentities function, then performing a str_replace on ' into ' to set mandatory escape characters you can use this simple function instead.
This function, xmlentities, is basically the XML parsing equivalent of htmlentities, with fewer options than its HTML counterpart:
<?php
function xmlentities ( $string )
{
return str_replace ( array ( '&', '"', "'", '<', '>' ), array ( '&' , '"', ''' , '<' , '>' ), $string );
}
?>
Example:
<?php
function xmlentities($string)
{
return str_replace ( array ( '&', '"', "'", '<', '>' ), array ( '&' , '"', ''' , '<' , '>' ), $string );
}
echo xmlentities("If you don't use these mandatory escape characters <tags> between </tags>, XML will \"eXtensively\" & \"implicitly\" give you errors.");
?>
Produces...
If you don't use these mandatory escape characters <tags> between </tags>, XML will "eXtensively" & "implicitly" give you errors.
penfield888 at yahoo dot com
01-Feb-2005 09:40
This is a followup to the older note by mirrorball_girl (5 Jan 2003) for those who may follow.
Rather than making an exception for the en-dash (#150) and translating it to a hyphen, you could use the – unicode en-dash entity (assuming that you are serving up your pages as UTF-8 or some such encoding.
Also, the whole thing can be done better with mb_detect_order, mb_detect_encoding and mb_convert_encoding if all you want to do is serve up a web page (if you need to convert to pure ASCII, that's another issue). You need to have multi-byte support enabled on your PHP server.
Basically, the problem is with older MS programs that use Windows-1252 for their encoding, so all you really need to do is
- detect for Win-1252
- if present, convert to UTF-8
- serve up your pages as UTF-8
See the manual on Multibyte String Functions for more information.
root at joe-linux.NOSPAM.org
27-Jan-2005 02:48
It may come to you as a surprise, but i've noticed that in Firefox (as of 1.0), the text presented in "View selection source" is not the same as "View page source"; Il you want to see the REAL result of htmlentities() you should look at the entire source;
almost become mad before i discover this :)
marques at displague dot com
24-Jan-2005 10:01
htmlEncodeText (below) needs a small tweak, the dash needs to be made literal to get picked up in cases like '<a href="blah-blah.php">'. I have been using this function to parse my postgresql database calls since I have alot of unicode data and I don't want HTML data to be neutered (via htmlentities()).
<?php
function htmlEncodeText ($string)
{
$pattern = '<([a-zA-Z0-9\.\, "\'_\/\-\+~=;:\(\)?&#%![\]@]+)>';
preg_match_all ('/' . $pattern . '/', $string, $tagMatches, PREG_SET_ORDER);
$textMatches = preg_split ('/' . $pattern . '/', $string);
foreach ($textMatches as $key => $value) {
$textMatches [$key] = htmlentities ($value);
}
for ($i = 0; $i < count ($textMatches); $i ++) {
$textMatches [$i] = $textMatches [$i] . $tagMatches [$i] [0];
}
return implode ($textMatches);
}
?>
--Editor note: Combined some corrections to the regex pattern, thanks to fabian dot lange at web dot de, hammertscrew at veryweb dot com, webmaster AT scholesmafia DOT co DOT uk, thomas AT cosifan DOT de and marques at displague dot com---
dumb at coder dot com
17-Jan-2005 04:22
/*
15Jan05
Within <textarea>, Browsers auto render & display certain "HTML Entities" and "HTML Entity Codes" as characters:
< shows as < -- & shows as & -- etc.
Browsers also auto change any "HTML Entity Codes" entered in a <textarea> into the resultant display characters BEFORE UPLOADING. There's no way to change this, making it difficult to edit html in a <textarea>
"HTML Entity Codes" (ie, use of < to represent "<", & to represent "&"   to represent " ") can be used instead. Therefore, we need to "HTML-Entitize" the data for display, which changes the raw/displayed characters into their HTML Entity Code equivalents before being shown in a <textarea>.
how would I get a textarea to contain "<" as a literal string of characters and not have it display a "<"
&lt; is indeed the correct way of doing that. And if you wanted to display that, you'd need to use &amp;lt;'. That's just how HTML entities work.
htmlspecialchars() is a subset of htmlentities()
the reverse (ie, changing html entity codes into displayed characters, is done w/ html_entity_decode()
google on ns_quotehtml and see http://aolserver.com/docs/tcl/ns_quotehtml.html
see also http://www.htmlhelp.com/reference/html40/entities/
*/
Duane
09-Jan-2005 05:34
I found using:
preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,5};)/",
"&",strtr($string, $trans));
didn't trap hex values (such as 的), so instead I ended
up using:
preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[x0-9a-f]{2,6};)/",
"&", strtr($string, $trans));
olito24 at gmx dot de
13-Dec-2004 04:17
a function to encode everything but html tags. pattern improvement is much appreciated!
function htmlEncodeText ($string)
{
$pattern = '<([a-zA-Z0-9\. "\'_\/-=;\(\)?&#%]+)>';
preg_match_all ('/' . $pattern . '/', $string, $tagMatches, PREG_SET_ORDER);
$textMatches = preg_split ('/' . $pattern . '/', $string);
foreach ($textMatches as $key => $value) {
$textMatches [$key] = htmlentities ($value);
}
for ($i = 0; $i < count ($textMatches); $i ++) {
$textMatches [$i] = $textMatches [$i] . $tagMatches [$i] [0];
}
return implode ($textMatches);
}
duke at redump dot de
01-Nov-2004 06:44
The function xmlentities works great, but there can be up to 5 numbers after the &# string. See this for example:
ベースボー
ルスターズ2
This is a valid (wrapped) japanese string. To successfully use it with xmlentities, you need to replace
return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&" , strtr($string, $trans));
with
return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,5};)/","&" , strtr($string, $trans));
(3 to 5).
Duke
tmp1000 at fastmail dot deleteme dot fm
22-Oct-2004 10:07
Regarding the two great function posted by pinkpather and webwurst; one to encode xml entities, the other to encode only the entities of a string not already encoded. I've combined these two. And IMHO made a small improvement by making the translation table static:
<?php
function xmlentities($string, $quote_style=ENT_QUOTES)
{
static $trans;
if (!isset($trans)) {
$trans = get_html_translation_table(HTML_ENTITIES, $quote_style);
foreach ($trans as $key => $value)
$trans[$key] = '&#'.ord($key).';';
$trans[chr(38)] = '&';
}
return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&" , strtr($string, $trans));
}
?>
Here's the snippet of code I'm testing with:
<?php
echo "<p>Testing xmlentities...</p>";
$strings[] = "No entities here.";
$strings[] = "<b>bold</b>";
$strings[] = "Got style? Try K & R.";
echo "<ul>";
foreach ($strings as $string) {
echo "<li>Original string: ".htmlentities($string)."</li>\n";
echo "<li>Encoded once: ".htmlentities(xmlentities($string))."</li>\n";
echo "<li>Encoded twice: ".htmlentities(xmlentities(xmlentities($string)))."</li>\n";
}
echo "</ul>";
?>
Miguel (miguel at sigmanet dot com dot br)
20-Oct-2004 08:43
This is a simple script that I'm using to encode and decode values from a form. Save it with the name that you wish.
<?php
function encodeText($_str) {
$_str = strip_tags($_str);
$_str = trim($_str);
$_str = htmlentities($_str);
$_str = str_replace("\r\n", "#BR#", $_str);
return($_str);
}
function decodeText($_str, $_form) {
$trans_tbl = get_html_translation_table (HTML_ENTITIES);
$trans_tbl = array_flip ($trans_tbl);
$_str = strtr($_str, $trans_tbl);
if ($_form) {
$_nl = "\r\n";
} else {
$_nl = "<br>";
}
$_str = str_replace("#BR#", "$_nl", $_str);
return($_str);
}
?>
roland dot swingler at nospam dot transversal dot com
30-Sep-2004 08:39
You don't need these custom conversion functions.
This function will only work for the first 128 ascii characters if no character set is specified. If you specify the character set in an http header:
<?php
header('Content-type: text/html; charset=utf-8');
htmlentities('string to be encoded', ENT_QUOTES, 'utf-8');
?>
then it will work for all html entities. It outputs the named rather than the numerical entities, but html_entity_decode() will decode both numerical and textual entities (it will treat € and € as the same).
BTW, if you are dealing with form submitted data, it is a good idea to add the accept-charset="character set" attribute
to the form as well.
cd at NOSPAM dot deluxe dot cd
19-Sep-2004 09:47
allthough it is much more complex than this, please note that if you're using xhtml the character encoding you specify within your document is "associated" with the encoding used by php.
e.g.:
<?xml version="1.0" encoding="..."?>
may also assess the manner form data is submitted. as it is prepared before sending it does not matter whether it is post or get.
to give you something stoutly have a look at mozilla firefox (0.9.3) where submitting form data...
<?xml version="1.0" encoding="ISO-8859-1"?>
...converts to %E4
<?xml version="1.0" encoding="UTF-8"?>
...converts to %C3%A4
or at internet explorer (6.0) where encoding is ignored while submit but default values of an input field let you recognize the same thing.
this may confuse you getting the desired ä afterwards.
porge
30-Aug-2004 08:09
Thanks attila at roughdot dot com, however I changed this to :
"/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,4};|#x[0-9a-fA-F]{2,4};)/"
in order to also to match hex-coded entities.
attila at roughdot dot com
04-Aug-2004 10:25
Thx for that function, pinkpanther at swissonline dot ch, though the number of digits after the '#' can be 4, not 3.
I bumped into this when struggeling with the euro sign (€).
function htmlentities2( $myHTML)
{
$translation_table = get_html_translation_table( HTML_ENTITIES, ENT_QUOTES);
$translation_table[chr( 38)] = '&';
return preg_replace( "/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,4};)/", "&" , strtr( $myHTML, $translation_table));
}
m227 at poczta dot onet dot pl
26-May-2004 03:00
// tested with PHP 4.3.4, Apache 1.29
// function works like original htmlentities
// but preserves Polish characters encoded in CP-1250
// (Windows code page) from false conversion
// m227@poczta.onet.pl, 2004
function htmlentities1250($str)
{
// four chars does not need any conversion
// s` (9c), z` (9f), Z` (8f), S` (8c)
$trans = array(
"³" => "\xb3", // "l-"
"¹" => "\xb9", // "a,"
"ê" => "\xea", // "e,"
"æ" => "\xe6", // "c`"
"ñ"=> "\xf1", // "n`"
"¿"=> "\xbf", // "z."
"¥" => "\xa5", // "A,"
"Æ" => "\xc6", // "C`"
"¯" => "\xaf", // "Z."
"Ê" => "\xca", // "E,"
"ó"=> "\xf3", // "o`"
"Ó"=> "\xd3", // "O`"
"£" => "\xa3", // "L-"
"Ñ"=> "\xd1" // "N`"
);
return strtr(htmlentities($str), $trans);
}
mail at britlinks dot com
19-May-2004 09:27
similar to cedric at shift-zone dot be's function, this 'cleans up' text from MS Word, and other non-alphanumeric characters to their valid [X]HTML counterparts
<?php
function htmlfriendly($var,$nl2br = false){
$chars = array(
128 => '€',
130 => '‚',
131 => 'ƒ',
132 => '„',
133 => '…',
134 => '†',
135 => '‡',
136 => 'ˆ',
137 => '‰',
138 => 'Š',
139 => '‹',
140 => 'Œ',
142 => 'Ž',
145 => '‘',
146 => '’',
147 => '“',
148 => '”',
149 => '•',
150 => '–',
151 => '—',
152 => '˜',
153 => '™',
154 => 'š',
155 => '›',
156 => 'œ',
158 => 'ž',
159 => 'Ÿ');
$var = str_replace(array_map('chr', array_keys($chars)), $chars, htmlentities(stripslashes($var)));
if($nl2br){
return nl2br($var);
} else {
return $var;
}
}
?>
cedric at shift-zone dot be
04-May-2004 06:02
This is a conversion function for special chars.
Very usefull to convert a word document into valid html
(the html provided is successfully parsed by sablotron 0.97 using iso-8859-1 charset) :
function convertDoc2HTML($txt){
$len = strlen($txt);
$res = "";
for($i = 0; $i < $len; ++$i) {
$ord = ord($txt{$i});
// check only non-standard chars
if($ord >= 126){
$res .= "&#".$ord.";";
}
else {
// escape ", ' and \ chars
switch($ord){
case 34 :
$res .= "\\\"";
break;
case 39 :
$res .= "\'";
break;
case 92 :
$res .= "\\\\";
break;
default : // the rest does not have to be modified
$res .= $txt{$i};
}
}
}
return $res;
}
jake_mcmahon at hotmail dot com
29-Apr-2004 02:29
This fuction is particularly useful against XSS (cross-site-scripting-). XSS makes use of holes in code, whether it be in Javascript or PHP. XSS often, if not always, uses HTML entities to do its evil deeds, so this function in co-operation with your scripts (particularly search or submitting scripts) is a very useful tool in combatting "H4X0rz".
Guillaume Beaulieu
11-Apr-2004 02:10
Here's a simple script to transform filename with accented character in it into much more usable unaccented character for a restrictive filesystem.
$string = htmlentities($stringToModify);
/* Take the first letter of the entity (if you got filename with ([<>] in it the result will probably remain lookable*/
$string = preg_replace("/\&(.)[^;]*;/", "\\1", $string);
/* Change the whitespace into _*/
$string = preg_replace("/[ ]/", "_", $string);
/* Dance ! */
print $string;
Funky Ants
03-Apr-2004 11:55
I had a problem working with partially html encoded data, with a selection of unescaped ampersands, hex coded, and characters in "&", style.
Which ive finally overcome by decoding all of the data, adn then reincoding it all.
I found a combination of a couple of peoples work useful.
function get_htmlspecialchars( $given, $quote_style = ENT_QUOTES ){
return htmlentities( unhtmlentities( $given ) , $quote_style );
}
function unhtmlentities( $string ){
$trans_tbl = get_html_translation_table ( HTML_ENTITIES );
$trans_tbl = array_flip( $trans_tbl );
$ret = strtr( $string, $trans_tbl );
return preg_replace( '/&#(\d+);/me' , "chr('\\1')" , $ret );
}
wwb at 3dwargamer dot net
31-Mar-2004 04:49
htmlentites is a very handy function, but it fails to fix one thing which I deal with alot: word 'smart' quotes and emdashes.
The below function replaces the funky double quotes with ", funky single quotes with standard single quotes and fixes emdashes.
function CleanupSmartQuotes($text)
{
$badwordchars=array(
chr(145),
chr(146),
chr(147),
chr(148),
chr(151)
);
$fixedwordchars=array(
"'",
"'",
'"',
'"',
'—'
);
return str_replace($badwordchars,$fixedwordchars,$text);
}
arjini at mac dot com
18-Mar-2004 11:49
If you're looking to provide bare bones protection to email addresses posted to the web try this:
###
$string = 'arjini@mac.com';
for($i=0;$i<strlen($string);++$i){
$n = rand(0,1);
if($n)
$finished.='&#x'.sprintf("%X",ord($string{$i})).';';
else
$finished.='&#'.ord($string{$i}).';';
}
echo $finished;
###
This randomly encodes a mix of hex and oridinary HTML entities for every character in the address. Note that a decoding mechanism for this could probably be written just as easily, so eventually the bots will be able to cut through this like butter, but for now, it seems like most harvesters are only looking for non-hex html entities.
stewey at ambitious dot ca
04-Mar-2004 06:11
This version of macRomanToIso (originally posted by: marcus at synchromedia dot co dot uk) offers a couple of improvements. First, it removes the extra slashes '\' that broke the original function. Second, it adds four quote characters not supported in ISO 8859-1. These are the left double quote, right double quote, left single quote and right single quote.
Be sure to remove the line breaks from the two strings going into strtr or this function will not work properly.
Be careful what text you apply this to. If you apply it to ISO 8859-1 encoded text it will likely wreak havoc. I'll save you some trouble with this bit of advice: don't bother trying to detect what charset a certain text file is using, it can't be done reliably. Instead, consider making assumptions based upon the HTTP_USER_AGENT, or prompting the user to specify the character encoding used (perhaps both).
<?php
function macRomanToIso($string)
{
return strtr($string,
"\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b
\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97
\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa1\xa4\xa6\xa7
\xa8\xab\xac\xae\xaf\xb4\xbb\xbc\xbe\xbf\xc0\xc1
\xc2\xc7\xc8\xca\xcb\xcc\xd6\xd8\xdb\xe1\xe5\xe6
\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf1\xf2\xf3
\xf4\xf8\xfc\xd2\xd3\xd4\xd5",
"\xc4\xc5\xc7\xc9\xd1\xd6\xdc\xe1\xe0\xe2\xe4\xe3
\xe5\xe7\xe9\xe8\xea\xeb\xed\xec\xee\xef\xf1\xf3
\xf2\xf4\xf6\xf5\xfa\xf9\xfb\xfc\xb0\xa7\xb6\xdf\xae
\xb4\xa8\xc6\xd8\xa5\xaa\xba\xe6\xf8\xbf\xa1\xac
\xab\xbb\xa0\xc0\xc3\xf7\xff\xa4\xb7\xc2\xca\xc1
\xcb\xc8\xcd\xce\xcf\xcc\xd3\xd4\xd2\xda\xdb\xd9
\xaf\xb8\x22\x22\x27\x27");
}
?>
Julien CROUZET
27-Nov-2003 12:01
If you are looking for a htmlentities inverse :
<?
$table = array_flip(get_html_translation_table(HTML_ENTITIES));
$plaintext = strtr($html, $table);
?>
Here is a full example to extract plaintext from a SIMPLE html page (not table, etc...)
<?
$file_content = file_get_contents($htmlfile);
$file_content = strip_tags($file_content, '<br>');
$file_content = preg_replace('/<br( )?(\/)?>/i', "\n", $file_content);
$file_content = wordwrap($file_content);
$table = array_flip(get_html_translation_table(HTML_ENTITIES));
$file_content = strtr($file_content, $table);
?>
root[noSPAM]cyberdark.net
24-Nov-2003 06:53
A little function that may help someone. Is useful where, FE, someone writes a text through a content management panel and is also able to put html (bolds, italics,...), so we don't want to convert html tags but all the rest. The code offers a few examples of extra entities.
function myhtmlentities($str) {
$tbl=get_html_translation_table(HTML_ENTITIES);
unset ($tbl["<"]);
unset ($tbl[">"]);
unset ($tbl["'"]);
unset ($tbl['"']);
$tbl[""]=""";
$tbl[""]=""";
$tbl[""]="...";
$tbl[""]="-";
$tbl[""]="»";
$tbl[""]="«";
return str_replace(array_keys($tbl),array_values($tbl),$str);
}
dmurphy at telegeography dot com
19-Sep-2003 11:14
// htmlentities() does not support Mac Roman, so this is a workaround. It requires the below table.
// This function runs on a Mac OSX machine, where text is stored in the Mac Roman character set inside a Mac OSX MySQL table.
function custom_htmlentities ($string, $table) {
// Loop throught the array, replacing each ocurrance
for ($n = 0; $n < count($table); $n++) {
$table_line = each($table);
// use the chr function to get the one character string for each ascii decimal code
$find_char = chr($table_line[key]);
$replace_string = $table_line[value];
$string = str_replace($find_char, $replace_string, $string);
}
return $string;
}
pinkpanther at swissonline dot ch
28-Jul-2003 02:29
In case you want a 'htmlentities' function which prevents 'double' encoding of the ampersands of already present entities (> => &gt;), use this:
function htmlentities2($myHTML) {
$translation_table=get_html_translation_table (HTML_ENTITIES,ENT_QUOTES);
$translation_table[chr(38)] = '&';
return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&" , strtr($myHTML, $translation_table));
}
defrostdj at defrostdj dot com
25-Jul-2003 12:10
Here you have a character map function ;)
<?php
function htmldecode($encoded, $char = 'HTML_SPECIALCHARS') {
foreach($encoded as $key => $value){
echo $value .' --> ';
if ($char == 'HTML_SPECIALCHARS') {
echo htmlspecialchars($value);
} else {
echo htmlentities($value);
}
echo '>br<';
}
}
echo 'ENTITIES<>br<><>br<>';
$entities = get_html_translation_table (HTML_ENTITIES);
htmldecode($entities, 'HTML_ENTITIES');
echo '<>br<>SPECIAL CHARACTERS<>br<><>br<>';
$specialchars = get_html_translation_table (HTML_SPECIALCHARS);
htmldecode($specialchars, 'HTML_SPECIALCHARS');
?>
So next time you're developing you'll always have a charmap ready to use.
webwurst at web dot de
29-Jun-2003 12:20
This function changes all entities to unicode-entities.
For example '<' becomes '<', '' becomes '©', etc.
function xmlentities($string, $quote_style=ENT_COMPAT)
{
$trans = get_html_translation_table(HTML_ENTITIES, $quote_style);
foreach ($trans as $key => $value)
$trans[$key] = '&#'.ord($key).';';
return strtr($string, $trans);
}
Anthony Aragues
24-Jun-2003 04:24
I found in a previous not the function for encoding the input... which worked great, but it also encoded the   and <br> that was being automatically added in my POST, so I created and Output function to go with it that worked for me:
function VerbatimInput($String)
{
$Output = mysql_escape_string(htmlentities(addslashes($String)));
return $Output;
}
function VerbatimOutput($Input)
{
$Output = str_replace("<br />", "<br>", "$Input");
$Output = str_replace("&nbsp;", " ", "$Output");
return $Output;
}
rob at neorosa dot com
28-Feb-2003 08:12
This function will encode everything, either using ascii values or special entities:
function encode_everything($string){
$encoded = "";
for ($n=0;$n<strlen($string);$n++){
$check = htmlentities($string[$n],ENT_QUOTES);
$string[$n] == $check ? $encoded .= "&#".ord($string[$n]).";" : $encoded .= $check;
}
return $encoded;
}
so you can use:
$emailAddress = encode_everything($emailAddress);
to protect an email address - although I imagine it's not a great deal of protection.
Bassie (:
05-Jan-2003 04:07
Note that you'll have use htmlentities() before any other function who'll edit text like nl2br().
If you use nl2br() first, the htmlentities() function will change < br > to <br>.
kumar at chicagomodular.com
28-Oct-2002 05:51
without heavy scientific analysis, this seems to work as a quick fix to making text originating from a Microsoft Word document display as HTML:
function DoHTMLEntities ($string)
{
$trans_tbl = get_html_translation_table (HTML_ENTITIES);
// MS Word strangeness..
// smart single/ double quotes:
$trans_tbl[chr(145)] = '\'';
$trans_tbl[chr(146)] = '\'';
$trans_tbl[chr(147)] = '"';
$trans_tbl[chr(148)] = '"';
// :
$trans_tbl[chr(142)] = 'é';
return strtr ($string, $trans_tbl);
}
| |
html_entity_decode