(PHP 5 >= 5.1.0, PHP 7, PHP 8)
htmlspecialchars_decode — Convert special HTML entities back to characters
$string, int $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401): string This function is the opposite of htmlspecialchars() . It converts special HTML entities back to characters.
The converted entities are: &,
" (when ENT_NOQUOTES is not set),
' (when ENT_QUOTES is set),
< and >.
stringThe string to decode.
flags
A bitmask of one or more of the following flags, which specify how to handle quotes and
which document type to use. The default is ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401.
| Constant Name | Description |
|---|---|
ENT_COMPAT |
Will convert double-quotes and leave single-quotes alone. |
ENT_QUOTES |
Will convert both double and single quotes. |
ENT_NOQUOTES |
Will leave both double and single quotes unconverted. |
ENT_SUBSTITUTE |
Replace invalid code unit sequences with a Unicode Replacement Character U+FFFD (UTF-8) or � (otherwise) instead of returning an empty string. |
ENT_HTML401 |
Handle code as HTML 4.01. |
ENT_XML1 |
Handle code as XML 1. |
ENT_XHTML |
Handle code as XHTML. |
ENT_HTML5 |
Handle code as HTML 5. |
Returns the decoded string.
| Version | Description |
|---|---|
| 8.1.0 |
flags changed from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 .
|
Example #1 A htmlspecialchars_decode() example
<?php
$str = "<p>this -> "</p>\n";
echo htmlspecialchars_decode($str);
// note that here the quotes aren't converted
echo htmlspecialchars_decode($str, ENT_NOQUOTES);
?>The above example will output:
<p>this -> "</p> <p>this -> "</p>
The example for "htmlspecialchars_decode()" below sadly does not work for all PHP4 versions.
Quote from the PHP manual:
"get_html_translation_table() will return the translation table that is used internally for htmlspecialchars() and htmlentities()."
But it does NOT! At least not for PHP version 4.4.2.
This was already reported in a bug report (http://bugs.php.net/bug.php?id=25927), but it was marked as BOGUS.
Proof:
Code:
--------------------
<?php
var_dump(get_html_translation_table(HTML_SPECIALCHARS,ENT_QUOTES));
var_dump(htmlspecialchars('\'',ENT_QUOTES));
?>
--------------------
Output:
--------------------
array
'"' => '"'
''' => '''
'<' => '<'
'>' => '>'
'&' => '&'
'''
--------------------
This comment now is not to report this bug again (though I really believe it is one), but to complete the example and warn people of this pitfall.
To make sure your htmlspecialchars_decode fake for PHP4 works, you should do something like this:
<?php
function htmlspecialchars_decode($string,$style=ENT_COMPAT)
{
$translation = array_flip(get_html_translation_table(HTML_SPECIALCHARS,$style));
if($style === ENT_QUOTES){ $translation['''] = '\''; }
return strtr($string,$translation);
}
?>
Br, ThomasThis should be the best way to do it.
(Reposted because the other one seems a bit slower and because those who used the code under called it htmlspecialchars_decode_php4)
<?php
if ( !function_exists('htmlspecialchars_decode') )
{
function htmlspecialchars_decode($text)
{
return strtr($text, array_flip(get_html_translation_table(HTML_SPECIALCHARS)));
}
}
?>that works also with ä and " and so on.
get_html_translation_table(HTML_ENTITIES) => offers more characters than HTML_SPECIALCHARS
function htmlspecialchars_decode_PHP4($uSTR)
{
return strtr($uSTR, array_flip(get_html_translation_table(HTML_ENTITIES, ENT_QUOTES)));
}