Escape only single quotes (leave double quotes alone) with htmlspecialchars()

php escaping htmlspecialchars
Luke Shaheen picture Luke Shaheen · May 14, 2012 · Viewed 11.6k times · Source

I know there are other ways of of escaping only single quotes (such as this answer), but it appears to me that there should be a way using htmlspecialchars().

According to the manual, it should be some combination of their constants, but based on their explanations, I don't see it.

Is it possible to escape only single quotes, leaving the double quotes alone, with htmlspecialchars()?

Answer

Norse picture Norse · May 14, 2012 
str_replace("'", "\\'", $string);

There.

Or, use ENT_QUOTES

htmlspecialchars($string, ENT_QUOTES);

Related questions

filter_var vs htmlentities vs htmlspecialchars

Disclaimer This is not a question about whether we should be escaping for database input. This is strictly looking at the technical differences between the three functions in the title. There is this question discussing the difference between htmlentities() and …

Read More
Pass a PHP string to a JavaScript variable (and escape newlines)

What is the easiest way to encode a PHP string for output to a JavaScript variable? I have a PHP string which includes quotes and newlines. I need the contents of this string to be put into a JavaScript variable. …

Read More
Escaping single quote in PHP when inserting into MySQL

I have a perplexing issue that I can't seem to comprehend... I have two SQL statements: The first enters information from a form into the database. The second takes data from the database entered above, sends an email, and then …

Read More