PHP is a language that is closely associated with outputting HTML so that the output is shown properly in a browser. If you send the browser text with no context and no concern for whether it is in HTML format, the results are problematic and hard to predict. To format text into HTML there are many conversions that may be needed. A simple example would be converting newlines to <br /> tags. There is a well known PHP function for that of course, nl2br(). If your text uses < somewhere it also needs to be converted, since HTML browsers would think it is the start of a tag. &lt; is the correct representation of < in HTML.
echo htmlspecialchars('In "real" math, 5 < 5.1');
This would display the text as shown above in a browser. htmlspecialchars() converts quotes and the < symbol to their proper HTML representations. Without htmlspecialchars() in the above statement, the browser would read everything from the < onward as the start of a tag, so the part after 5 would probably be invisible. The PHP manual describes what characters htmlspecialchars() replaces:
'&' (ampersand) becomes '&amp;'
'"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
"'" (single quote) becomes '&#039;' only when ENT_QUOTES is set.
'<' (less than) becomes '&lt;'
'>' (greater than) becomes '&gt;'
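The following is an added example, not code from the original post, showing htmlspecialchars() used the way it matters most in practice: escaping untrusted text before it is placed in an HTML page, so that the text is displayed rather than interpreted as markup or script. The helper name h() and the sample values in $name and $comment are assumptions made for the example.

```php
<?php
// Added example (not from the original post): escaping untrusted text for an
// HTML context. $name and $comment are constructed sample inputs.
declare(strict_types=1);

// Escape a string for use between tags or inside a quoted attribute.
// ENT_QUOTES also converts the single quote (not converted by default before
// PHP 8.1); ENT_SUBSTITUTE replaces invalid UTF-8 sequences with U+FFFD
// instead of returning an empty string for the whole value.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$name    = "O'Brien <script>alert(1)</script>";      // constructed sample input
$comment = "In \"real\" math, 5 < 5.1\nSecond line"; // constructed sample input

// Unescaped: the browser would execute the script element in $name.
// echo '<p>Hello ' . $name . '</p>';

// Escaped: the text is displayed literally.
echo '<p>Hello ' . h($name) . "</p>\n";
// <p>Hello O&#039;Brien &lt;script&gt;alert(1)&lt;/script&gt;</p>

// Attribute context: without ENT_QUOTES a single quote in $name could close
// a single-quoted attribute; h() converts it to &#039; so the value stays
// inside the attribute.
echo "<input type='text' name='who' value='" . h($name) . "'>\n";

// nl2br() must run after escaping; run the other way round, the <br /> tags
// it inserts would be escaped into visible text.
echo '<p>' . nl2br(h($comment)) . "</p>\n";
// <p>In &quot;real&quot; math, 5 &lt; 5.1<br />
// Second line</p>
```

The order of the two calls in the last statement is the point to remember: escape first, then apply any function that deliberately adds markup, such as nl2br(). Passing the flags and charset explicitly also keeps the behaviour the same across PHP versions, since the default flags changed in PHP 8.1 to include ENT_QUOTES.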
htmlentities() is a function that will often have the same results, but there are many more special characters that are converted since it is intended to be a full conversion.
echo htmlentities('© < ¼ >');
htmlentities() will change the © into &copy; and the ¼ into &frac14;. It is definitely handy to keep these conversion routines in mind and to be careful about converting to the right type when needed.
echo html_entity_decode('&lt;form method=&quot;post&quot; action=&quot;/search.php&quot; id=&quot;topsearch&quot;&gt;');
html_entity_decode() turns HTML entities like those created by htmlentities() back into "normal" text. The above example results in:
<form method="post" action="/search.php" id="topsearch">
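As an added example (not code from the original post), the script below contrasts htmlentities() with htmlspecialchars() on the non-ASCII input used above, checks that html_entity_decode() reverses the encoding, and shows what happens when an entity-encoded stored value is decoded: the result is raw markup again, so it has to be escaped once more before it is displayed. The values in $raw and $stored are constructed sample data.

```php
<?php
// Added example (not from the original post): htmlentities() versus
// htmlspecialchars() on non-ASCII text, and the decode/re-escape round trip.
// $raw and $stored are constructed sample values.
declare(strict_types=1);

$raw = '© < ¼ >';  // constructed sample input, UTF-8 encoded

// htmlspecialchars() only touches & " ' < > ; the © and ¼ pass through unchanged.
echo htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'), "\n";
// © &lt; ¼ &gt;

// htmlentities() additionally converts every character that has a named
// entity. The charset argument matters: if it does not match the bytes in
// $raw, the multibyte characters are misread and the output is wrong.
echo htmlentities($raw, ENT_QUOTES, 'UTF-8'), "\n";
// &copy; &lt; &frac14; &gt;

// Decoding with the same flags and charset returns the original string.
$encoded = htmlentities($raw, ENT_QUOTES, 'UTF-8');
var_dump(html_entity_decode($encoded, ENT_QUOTES, 'UTF-8') === $raw);
// bool(true)

// A value that was entity-encoded before being stored (constructed sample).
$stored = '&lt;form method=&quot;post&quot; action=&quot;/search.php&quot; id=&quot;topsearch&quot;&gt;';

// Decoding yields live markup: echoing $text as-is would insert a form
// element into the page. Decode to recover the text, then escape it again
// at the point where it is displayed.
$text = html_entity_decode($stored, ENT_QUOTES, 'UTF-8');
echo htmlspecialchars($text, ENT_QUOTES, 'UTF-8'), "\n";
// &lt;form method=&quot;post&quot; action=&quot;/search.php&quot; id=&quot;topsearch&quot;&gt;
```

The practical rule this illustrates is to store and process the plain text, and apply htmlspecialchars() or htmlentities() exactly once, at output time; decoding data back to text just before echoing it undoes that protection.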