PHP Function htmlspecialchars_Decode

When dealing with string data it is often necessary to escape special characters. This is especially true for data that comes from external sources like user input. PHP's built-in htmlspecialchars_decode function makes this job easy by converting special characters into HTML entities. The goal is to prevent XSS attacks (cross-site scripting) in which a bad actor would try to inject code into your website. With htmlspecialchars_decode most of these malicious characters will be converted to HTML entities which will prevent the browser from blindly executing this code.

htmlspecialchars_decode() function takes a string and some optional parameters that determine how it will handle quotes, invalid encodings and which document type to use. The flags are quite important because they allow you to alter the behavior of the function making it super useful.

The first parameter is the string to decode. The rest of the optional parameters are a bitmask that allows you to select how the function will handle certain situations.

For example the ENT_COMPAT option will convert double quotes but leave single quotes unconverted. The ENT_NOQUOTES option will not convert any quotes and ENT_HTML401, ENT_HTML5, ENT_XML1 will handle the string according to the specified document type.

oXygen is the leading XML Editor for editing, validating and transforming XML documents and XSL/XPath files. It offers support for a wide range of XML technologies including XML Schema, DTD, Relax NG, XPath and XSLT. Download a free trial today.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

htmlspecialchars_decode example



            if (!empty($row['detail_translation_fallback'])) {
                $translation = $this->sMapTranslation('detail', $row['detail_translation_fallback']);
                $row = array_merge($row$translation);
            }
            if (!empty($row['detail_translation'])) {
                $translation = $this->sMapTranslation('detail', $row['detail_translation']);
                $row = array_merge($row$translation);
            }

            $row['name'] = htmlspecialchars_decode($row['name']);
            $row['supplier'] = htmlspecialchars_decode($row['supplier']);

            // Cast it to float to prevent the division by zero warning             $row['purchaseunit'] = (float) $row['purchaseunit'];
            $row['referenceunit'] = (float) $row['referenceunit'];
            if (!empty($row['purchaseunit']) && !empty($row['referenceunit'])) {
                $row['referenceprice'] = Shopware()->Modules()->Articles()->calculateReferencePrice(
                    (float) $row['price'],
                    $row['purchaseunit'],
                    $row['referenceunit']
                );
            }
if ( stripos( $html$linktype ) ) {
                    $tagfound = true;
                    break;
                }
            }

            if ( $tagfound && preg_match_all( '#<link([^<>]+)/?>#iU', $html$links ) ) {
                foreach ( $links[1] as $link ) {
                    $atts = shortcode_parse_atts( $link );

                    if ( ! empty( $atts['type'] ) && ! empty( $linktypes[ $atts['type'] ] ) && ! empty( $atts['href'] ) ) {
                        $providers[ $linktypes[ $atts['type'] ] ] = htmlspecialchars_decode( $atts['href'] );

                        // Stop here if it's JSON (that's all we need).                         if ( 'json' === $linktypes[ $atts['type'] ] ) {
                            break;
                        }
                    }
                }
            }
        }

        // JSON is preferred to XML.
foreach ($product->getMedia() as $image) {
                    if ($image->getId() !== $product->getCover()->getId()) {
                        $data['images'][] = $this->legacyStructConverter->convertMediaStruct($image);
                    }
                }
            }
        }

        $data = array_merge($data$this->getLinksOfProduct($product$categoryId, !empty($selection)));

        $data['articleName'] = $this->sOptimizeText($data['articleName']);
        $data['description_long'] = htmlspecialchars_decode($data['description_long']);

        $data['mainVariantNumber'] = $this->db->fetchOne(
            'SELECT variant.ordernumber FROM s_articles_details variant INNER JOIN s_articles product ON product.main_detail_id = variant.id AND product.id = ?',
            [$product->getId()]
        );

        $data['sDescriptionKeywords'] = $this->getDescriptionKeywords(
            
          // we can control any special formatting of the grouping field through           // the admin or theme layer or anywhere else we'd like.           if (isset($this->view->field[$field])) {
            $group_content = $this->getField($index$field);
            if ($this->view->field[$field]->options['label']) {
              $delimiter = $this->view->field[$field]->options['element_label_colon'] ? ': ' : ' ';
              $group_content = $this->view->field[$field]->options['label'] . $delimiter . $group_content;
            }
            if ($rendered) {
              $grouping = (string) $group_content;
              if ($rendered_strip) {
                $group_content = $grouping = strip_tags(htmlspecialchars_decode($group_content));
              }
            }
            else {
              $grouping = $this->getFieldValue($index$field);
              // Not all field handlers return a scalar value,               // e.g. views_handler_field_field.               if (!is_scalar($grouping)) {
                $grouping = hash('sha256', serialize($grouping));
              }
            }
          }

          

        // This fix prevents an exception if the search term includes an character that can not be         // displayed with the database charset.         // This fix can be removed if all tables are set to utf8mb4_unicode_ci.
        // converts encoded characters back ('%a5%27' to '?')         $term = mb_convert_encoding($term, 'UTF-8');
        // does the replacing of 4byte chars to the Unicode replacement character         $term = (string) preg_replace('/[\xF0-\xF7].../s', '�', $term);

        // we have to strip the / otherwise broken urls would be created e.g. wrong pager urls         $term = trim(strip_tags(htmlspecialchars_decode(stripslashes($term))));

        return str_replace('/', ' ', $term);
    }
}
Home | Imprint | This part of the site doesn't use cookies.