PHP programming, ~5 mins

Output escaping with htmlspecialchars in PHP - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is the purpose of the htmlspecialchars function in PHP?
It converts special characters to HTML entities to prevent code injection and display text safely in HTML.
beginner
Which characters does htmlspecialchars convert by default?
It converts & (ampersand), < (less than), > (greater than), and " (double quote).
intermediate
What is the difference between htmlspecialchars and htmlentities?
htmlspecialchars converts only special HTML characters, while htmlentities converts all applicable characters to HTML entities.
beginner
How do you use htmlspecialchars to safely display user input in HTML?
Wrap the user input with htmlspecialchars($input, ENT_QUOTES, 'UTF-8') before outputting it.
intermediate
Why is it important to specify the character encoding like 'UTF-8' in htmlspecialchars?
Specifying encoding ensures correct conversion of characters and prevents security issues related to character misinterpretation.
What does htmlspecialchars('<script>alert(1)</script>') output?
A. &amp;lt;script&gt;alert(1)&amp;lt;/script&gt;
B. &lt;script&gt;alert(1)&lt;/script&gt;
C. &amp;lt;script&amp;gt;alert(1)&amp;lt;/script&amp;gt;
D. alert(1)
Which flag makes htmlspecialchars convert single quotes as well?
A. ENT_QUOTES
B. ENT_NOQUOTES
C. ENT_COMPAT
D. ENT_IGNORE
Why should you escape output with htmlspecialchars when displaying user input?
A. To make the text bold
B. To prevent HTML injection and XSS attacks
C. To compress the text
D. To change the font color
What happens if you don't specify the encoding in htmlspecialchars?
A. It may cause incorrect character conversion and security risks
B. It throws an error
C. It defaults to UTF-8 safely
D. It converts all characters to uppercase
Which of these is NOT converted by default by htmlspecialchars?
A. &amp;
B. &lt;
C. &gt;
D. '
Explain why and how you use htmlspecialchars when showing user input on a webpage.
Think about keeping the webpage safe from harmful code.
Describe the difference between htmlspecialchars and htmlentities.
    One converts fewer characters, the other more.