How should I echo a PHP string variable that contains special characters?

Question

I'm trying to populate a form with some data that contains special characters (e.g. single quote, double quote,<,>,?,","".~,,!@#$%^&*()_+}{":?<<>,./;'[.] etc) :

<input type="text" name="message" size="200" maxlength="200"
 value =<?php echo $message;?>>

However, $message, which comes from a MySQL table, isn't displayed correctly - any HTML output that should be in $message is broken.

How do I do this properly?

Possible duplicate of [How to properly escape html form input default values in php?](http://stackoverflow.com/questions/6249151/how-to-properly-escape-html-form-input-default-values-in-php) — Paul Roub, Apr 15 '16 at 17:56

score 17 · Accepted Answer · answered Jun 17 '13 at 14:48

17

This will prevent your tags from being broken by the echo:

<?php echo htmlentities($message); ?>

answered Jun 17 '13 at 14:48

Alexandre Danault

8,602
3
30
33

score 10 · Answer 2 · edited May 23 '17 at 12:26

10

If you want to display it

echo htmlspecialchars($messge, ENT_QUOTES, 'UTF-8');

That's what I usually do.

Since the answers are difference:

htmlentities-vs-htmlspecialchars is worth checking out.

edited May 23 '17 at 12:26

Community

1
1

answered Jun 17 '13 at 14:49

Touch

1,481
10
19

score 2 · Answer 3 · answered Jun 17 '13 at 14:49

2

I normally use the following code, see htmlspecialchars

<?php echo htmlspecialchars($videoId, ENT_QUOTES | ENT_HTML5); ?>

answered Jun 17 '13 at 14:49

Hugo Delsing

13,803
5
45
72

score -1 · Answer 4 · answered Oct 23 '16 at 14:45

-1

whats wrong with using a constant ?

<?php
define(foo,'<,>,?,","".~,,!@#$%^&*()_+}{":?<<>,./;');
$foo2="'[.]";
echo constant('foo').$foo2;
?>

you need to put the '[.]' into a variable, as a constant will break on a ' (single quote).

answered Oct 23 '16 at 14:45

Degar007

107
1
5

How should I echo a PHP string variable that contains special characters?

4 Answers4

Linked