1. htmlspecialchars converts only the following HTML characters:
'&' (ampersand) becomes '&amp;'
'"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
'<' (less than) becomes '&lt;'
'>' (greater than) becomes '&gt;'
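2. htmlentities converts every character that has an HTML entity. If the string contains only English letters and digits, the two functions return the same result; if it contains Chinese characters that cannot be recognized, the results differ, because the Chinese characters are converted as well.
A simple example to compare the two: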
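<?php
// Same input passed to both functions, with no flags or encoding argument
$str='<a href="test.html">測試頁面</a>';
// htmlentities: converts every character that has an entity
echo htmlentities($str);
echo "<br>";
// htmlspecialchars: converts only & " ' < >
echo htmlspecialchars($str);
?>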
The output is as follows:
<a href="test.html">測試é ?é?¢</a>
<a href="test.html">測試頁面</a>
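
An added example (not from the original post) showing how the flags listed under item 1 decide which quote characters stay raw, and how the encoding argument accounts for the garbled htmlentities output above. The sample string is constructed; flags are passed explicitly because the default changed to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 in PHP 8.1.

```php
<?php
// Constructed sample value: holds every character htmlspecialchars handles,
// plus Chinese text that should survive encoding unchanged.
$value = "Tom & 'Jerry' say \"<測試>\"";

$modes = [
    'ENT_NOQUOTES' => ENT_NOQUOTES, // neither quote is converted
    'ENT_COMPAT'   => ENT_COMPAT,   // only " is converted
    'ENT_QUOTES'   => ENT_QUOTES,   // both " and ' are converted
];

// Returns the quote characters that are still raw after encoding.
function rawQuotes(string $encoded): array
{
    $left = [];
    foreach (['"', "'"] as $q) {
        if (strpos($encoded, $q) !== false) {
            $left[] = $q;
        }
    }
    return $left;
}

foreach ($modes as $name => $flags) {
    $encoded = htmlspecialchars($value, $flags, 'UTF-8');
    $raw = rawQuotes($encoded);
    printf("%-12s %s\n", $name, $encoded);
    printf("%-12s raw quotes left: %s\n", '', $raw ? implode(' ', $raw) : 'none');
}

// With the real encoding declared, htmlentities leaves the Chinese text intact.
echo htmlentities($value, ENT_QUOTES, 'UTF-8'), "\n";

// Declaring ISO-8859-1 for UTF-8 input makes every byte of a multibyte
// character count as a separate Latin-1 character, which garbles the text.
echo htmlentities($value, ENT_QUOTES, 'ISO-8859-1'), "\n";
```

A raw ' left in the output ends a single-quoted attribute value early, so use ENT_QUOTES whenever the result is placed inside an attribute.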