PHP Function htmlspecialchars_decode
When dealing with string data, it is often necessary to escape special characters. This is especially true for data that comes from external sources such as user input. PHP's built-in htmlspecialchars_decode function makes this job easy by converting special characters into HTML entities. The goal is to prevent XSS (cross-site scripting) attacks, in which a bad actor tries to inject code into your website. With htmlspecialchars_decode, most of these malicious characters will be converted to HTML entities, which prevents the browser from blindly executing this code.
The htmlspecialchars_decode() function takes a string and some optional parameters that determine how it will handle quotes, invalid encodings and which document type to use. The flags are quite important because they allow you to alter the behavior of the function, which makes it very useful.
The first parameter is the string to decode. The rest of the optional parameters are a bitmask that allows you to select how the function will handle certain situations.
For example, the ENT_COMPAT option will convert double quotes but leave single quotes unconverted. The ENT_NOQUOTES option will not convert any quotes, and ENT_HTML401, ENT_HTML5 and ENT_XML1 will handle the string according to the specified document type.
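The quote flags above, run in both directions, as an added example that is not from the original page: in PHP, htmlspecialchars() is the call that turns special characters into entities, and htmlspecialchars_decode() reverses that conversion. The sample string and the helper names escape_html and render_comment are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample standing in for untrusted input.
$untrusted = '<a href="x" title=\'t\'>Tom & Jerry</a>';

// Escaping direction: <, >, &, " and ' become entities.
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
function escape_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
}

// Hypothetical output helper: the value is escaped at the point where it
// is written into HTML, never decoded there.
function render_comment(string $comment): string
{
    return '<p class="comment">' . escape_html($comment) . '</p>';
}

$escaped = escape_html($untrusted);
echo 'escaped:       ', $escaped, PHP_EOL;

// Decoding direction: the quote flag selects which quote entities are
// turned back into literal characters.
$modes = [
    'ENT_QUOTES'   => ENT_QUOTES,   // decodes &quot; and &#039;
    'ENT_COMPAT'   => ENT_COMPAT,   // decodes &quot;, leaves &#039;
    'ENT_NOQUOTES' => ENT_NOQUOTES, // leaves both quote entities
];
foreach ($modes as $name => $flag) {
    $decoded = htmlspecialchars_decode($escaped, $flag | ENT_HTML401);
    printf("%-14s %s\n", $name . ':', $decoded);
}

// A full decode restores the original markup, so a decoded string is
// raw input again and has to be escaped before it reaches a page.
$roundTrip = htmlspecialchars_decode($escaped, ENT_QUOTES | ENT_HTML401);
echo 'round trip equals input: ', var_export($roundTrip === $untrusted, true), PHP_EOL;
echo 'rendered:      ', render_comment($roundTrip), PHP_EOL;
```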