betterCode() PHP 2025

    htmlspecialchars_decode

    (PHP 5 >= 5.1.0, PHP 7, PHP 8)

    htmlspecialchars_decode Convert special HTML entities back to characters

    Description

    htmlspecialchars_decode(string $string, int $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401): string

    This function is the opposite of htmlspecialchars(). It converts special HTML entities back to characters.

    The converted entities are: &, " (when ENT_NOQUOTES is not set), ' (when ENT_QUOTES is set), < and >.

    Parameters

    string

    The string to decode.

    flags

    A bitmask of one or more of the following flags, which specify how to handle quotes and which document type to use. The default is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.

    Available flags constants
    Constant Name Description
    ENT_COMPAT Will convert double-quotes and leave single-quotes alone.
    ENT_QUOTES Will convert both double and single quotes.
    ENT_NOQUOTES Will leave both double and single quotes unconverted.
    ENT_SUBSTITUTE Replace invalid code unit sequences with a Unicode Replacement Character U+FFFD (UTF-8) or � (otherwise) instead of returning an empty string.
    ENT_HTML401 Handle code as HTML 4.01.
    ENT_XML1 Handle code as XML 1.
    ENT_XHTML Handle code as XHTML.
    ENT_HTML5 Handle code as HTML 5.

    Return Values

    Returns the decoded string.

    Changelog

    Version Description
    8.1.0 flags changed from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.

    Examples

    Example #1 A htmlspecialchars_decode() example

    <?php
    $str     = "<p>this -&gt; &quot;</p>\n";

    echo     htmlspecialchars_decode($str);

    // note that here the quotes aren't converted
    echo htmlspecialchars_decode($str, ENT_NOQUOTES);
    ?>

    The above example will output:

    <p>this -> "</p>
<p>this -> &quot;</p>

    See Also

    Found A Problem?

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 3 notes

    up
    2
    thomas at xci[ignore_this]teit dot commm
    17 years ago
    The example for "htmlspecialchars_decode()" below sadly does not work for all PHP4 versions.

    Quote from the PHP manual:
    "get_html_translation_table() will return the translation table that is used internally for htmlspecialchars() and htmlentities()."

    But it does NOT! At least not for PHP version 4.4.2.
    This was already reported in a bug report (http://bugs.php.net/bug.php?id=25927), but it was marked as BOGUS.

    Proof:
    Code:
    --------------------
    <?php
    var_dump    (get_html_translation_table(HTML_SPECIALCHARS,ENT_QUOTES));
    var_dump(htmlspecialchars('\'',ENT_QUOTES));
    ?>
    --------------------

    Output:
    --------------------
    array
    '"' => '&quot;'
    ''' => '&#39;'
    '<' => '&lt;'
    '>' => '&gt;'
    '&' => '&amp;'

    '&#039;'
    --------------------

    This comment now is not to report this bug again (though I really believe it is one), but to complete the example and warn people of this pitfall.

    To make sure your htmlspecialchars_decode fake for PHP4 works, you should do something like this:

    <?php
    function htmlspecialchars_decode($string,$style=ENT_COMPAT)
    {
    $translation = array_flip(get_html_translation_table(HTML_SPECIALCHARS,$style));
    if(    $style === ENT_QUOTES){ $translation['&#039;'] = '\''; }
    return     strtr($string,$translation);
    }
    ?>

    Br, Thomas
    up
    0
    Anonymous
    19 years ago
    This should be the best way to do it.
    (Reposted because the other one seems a bit slower and because those who used the code under called it htmlspecialchars_decode_php4)

    <?php

    if ( !function_exists('htmlspecialchars_decode') )
    {
    function     htmlspecialchars_decode($text)
    {
    return     strtr($text, array_flip(get_html_translation_table(HTML_SPECIALCHARS)));
    }
    }

    ?>
    up
    -2
    or-k at or-k dot com
    20 years ago
    that works also with &auml; and &quot; and so on.
    get_html_translation_table(HTML_ENTITIES) => offers more characters than HTML_SPECIALCHARS

    function htmlspecialchars_decode_PHP4($uSTR)
    {
    return strtr($uSTR, array_flip(get_html_translation_table(HTML_ENTITIES, ENT_QUOTES)));
    }
    add a note
    To Top