PHP - htmlspecialchars and UTF-8

php utf-8 htmlspecialchars
Lizard picture Lizard · Dec 3, 2009 · Viewed 10.3k times · Source

I am just trying to confirm something with htmlspecialchars. I have just converted my database into UTF-8, and I think I finally have it all working, but throughout my code I have used the PHP htmlspecialchars function:

htmlspecialchars($val, ENT_QUOTES,'ISO-8859-1',false);

Do I need to worry about changing all the entries to:

htmlspecialchars($val, ENT_QUOTES,'UTF-8',false);

The PHP documention suggests I don't need to, but is that true?

For the purposes of this function, the charsets ISO-8859-1, ISO-8859-15, UTF-8, cp866, cp1251, cp1252, and KOI8-R are effectively equivalent, as the characters affected by htmlspecialchars() occupy the same positions in all of these charsets.

Answer

VolkerK picture VolkerK · Dec 3, 2009

All characters "handled" by htmlspecialchars() are in the 7-bit/US ASCII range. And those are identical (and unmistakable) in the mentioned encodings. So yes, it will do no harm if you don't change the encoding parameter. But I'd encourage you to do so anyway.

Related questions

htmlspecialchars utf-8 returns empty string

I'm doing a .php RSS generator and I have a problem trying to get data from my database in this line: <description><![CDATA[<?=htmlspecialchars(utf8_substr($row['texto'], 0, 100), ENT_QUOTES, 'utf-8') ?>...]]></description&…

Read More
SET NAMES utf8 in MySQL?

I often see something similar to this below in PHP scripts using MySQL query("SET NAMES utf8"); I have never had to do this for any project yet so I have a couple basic questions about it. Is this something …

Read More
Detect encoding and make everything UTF-8

I'm reading out lots of texts from various RSS feeds and inserting them into my database. Of course, there are several different character encodings used in the feeds, e.g. UTF-8 and ISO 8859-1. Unfortunately, there are sometimes problems with …

Read More