Challenge - 5 Problems
HTML Specialchars Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
❓ Predict Output
intermediate2:00remaining
What is the output of htmlspecialchars with ENT_QUOTES?
Consider the following PHP code snippet. What will it output?
PHP
<?php $input = "Tom & Jerry's <show>"; echo htmlspecialchars($input, ENT_QUOTES); ?>
Attempts:
2 left
💡 Hint
Remember ENT_QUOTES converts both double and single quotes.
✗ Incorrect
htmlspecialchars with ENT_QUOTES converts &, <, >, and both single and double quotes to HTML entities. Single quote becomes '.
❓ Predict Output
intermediate2:00remaining
Output of htmlspecialchars without flags parameter
What will this PHP code output?
PHP
<?php $text = '5 > 3 & 2 < 4'; echo htmlspecialchars($text); ?>
Attempts:
2 left
💡 Hint
Default flags convert &, <, and > but not quotes.
✗ Incorrect
By default, htmlspecialchars converts &, <, and > to entities but leaves quotes unchanged.
❓ Predict Output
advanced2:00remaining
What error occurs with invalid encoding in htmlspecialchars?
What happens when you run this PHP code?
PHP
<?php $input = "\xB1\x31"; echo htmlspecialchars($input, ENT_QUOTES, 'UTF-8'); ?>
Attempts:
2 left
💡 Hint
Invalid byte sequences cause warnings in htmlspecialchars with UTF-8.
✗ Incorrect
If input contains invalid UTF-8 bytes, htmlspecialchars emits a warning about invalid byte sequence.
🧠 Conceptual
advanced2:00remaining
Why use htmlspecialchars instead of htmlentities?
Which reason best explains why htmlspecialchars is preferred over htmlentities for output escaping?
Attempts:
2 left
💡 Hint
Think about performance and readability.
✗ Incorrect
htmlspecialchars converts only &, <, >, and quotes, which is enough to prevent most XSS and keeps output readable and faster than htmlentities which converts many more characters.
❓ Predict Output
expert2:00remaining
How many characters are in the output of htmlspecialchars with ENT_NOQUOTES?
Given this PHP code, how many characters will the output string have?
PHP
<?php $input = "<a href='test'>Click & Learn</a>"; $output = htmlspecialchars($input, ENT_NOQUOTES); echo strlen($output); ?>
Attempts:
2 left
💡 Hint
Count how many characters are replaced and how many new characters each replacement adds.
✗ Incorrect
ENT_NOQUOTES converts &, <, > but leaves quotes unchanged. The input has 27 characters. '&' becomes '&' (5 chars), '<' becomes '<' (4 chars), '>' becomes '>' (4 chars). Counting replacements results in 33 characters total.