1

Is there a built-in function to render characters like ' as identities (’)?

Also, is it unsafe to output raw characters (e.g. ') in the HTML?

Thanks.

Gal

2 Answers

3

Try htmlentities():

htmlentities("'", ENT_QUOTES, 'UTF-8', true);

Regarding your second question, yes (as a general rule).

To output user input / raw input you should always use htmlspecialchars() at least.

Alix Axel
2

You're looking for htmlentities(). It will translate any character that has an HTML character entity equivalent.

It is not unsafe to output raw characters in your HTML, although there are a couple of caveats to that:

  • It could produce invalid HTML if you are outputting them inside document entities or attributes.
  • If it is user input, then it needs to be sanitized to prevent possible cross-site scripting (XSS) attacks.
zombat
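
An added example, not part of either answer: it shows why the ENT_QUOTES flag from the first answer matters when a value containing ' is written into a single-quoted attribute, and how htmlentities() differs from htmlspecialchars() for a character such as ’. The helper name esc() and the sample strings are assumptions constructed for illustration.

```php
<?php
// Added example: esc() is a hypothetical helper, inputs are constructed.

// Escape a value for HTML text or for a quoted attribute value.
function esc(string $s): string
{
    // ENT_QUOTES encodes both " and '.
    // ENT_SUBSTITUTE replaces invalid UTF-8 sequences with U+FFFD
    // instead of making the function return an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed "user input" containing a raw single quote.
$input = "x' class='injected";

// Weak: ENT_COMPAT encodes " but leaves ' alone, so inside a
// single-quoted attribute the value ends early and the rest of the
// input is parsed as a second attribute.
$weak = "<input value='" . htmlspecialchars($input, ENT_COMPAT, 'UTF-8') . "'>";

// Hardened: with ENT_QUOTES the quote is emitted as a numeric entity
// and the whole input stays inside the attribute value.
$safe = "<input value='" . esc($input) . "'>";

echo $weak, PHP_EOL;
echo $safe, PHP_EOL;

// Constructed text with a typographic apostrophe (U+2019) and markup.
$curly = "It\u{2019}s <b>bold</b>";

// htmlentities() converts every character that has a named entity,
// including the typographic apostrophe.
echo htmlentities($curly, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;

// htmlspecialchars() only touches & < > " ' and leaves U+2019 as-is,
// which is fine as long as the page is actually served as UTF-8.
echo esc($curly), PHP_EOL;
```

Passing the flags explicitly keeps the behaviour the same across PHP versions, since the default flags of htmlspecialchars() and htmlentities() changed in PHP 8.1 to include ENT_QUOTES.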