Current Location: Home> Latest Articles> How to Decode HTML Entities in Forms? Quickly Fix It with html_entity_decode

How to Decode HTML Entities in Forms? Quickly Fix It with html_entity_decode

gitbox 2025-09-02

What Are HTML Entities?

HTML entities are encoded forms of characters, usually starting with & and ending with ;. Common HTML entities include:

  • < corresponds to <

  • > corresponds to >

  • & corresponds to &

  • " corresponds to "

  •   corresponds to a space

These entities are often used to prevent certain characters from causing syntax errors or rendering issues in HTML. When form data is submitted via an HTTP request, these characters may be converted into entities to ensure proper transmission.

Why Do We Need to Decode HTML Entities?

When form data is submitted to the server, special characters are often escaped into HTML entities. While this escaping helps with security (preventing malicious script injections), sometimes we need to decode these entities to display the original content correctly. For example, if a user inputs HTML tags containing < and >, and they are escaped as < and >, we may want to decode them back to actual characters so the tags can be displayed properly.

How to Use html_entity_decode() to Decode HTML Entities?

html_entity_decode() is a built-in PHP function that converts HTML entities into their corresponding characters. Its basic usage is as follows:

<span><span><span class="hljs-variable">$string</span></span><span> = </span><span><span class="hljs-string">"Hello &amp;lt;world&amp;gt;!"</span></span><span>;  
</span><span><span class="hljs-variable">$decoded_string</span></span><span> = </span><span><span class="hljs-title function_ invoke__">html_entity_decode</span></span><span>(</span><span><span class="hljs-variable">$string</span></span><span>);  
</span><span><span class="hljs-keyword">echo</span></span><span> </span><span><span class="hljs-variable">$decoded_string</span></span><span>;  
</span></span>

Output:

<span><span><span class="language-xml">Hello <span class="hljs-tag">&lt;<span class="hljs-name">world</span></span></span></span><span>&gt;!  
</span></span>

As shown above, html_entity_decode() converts < and > back into < and >.

Detailed Explanation of Parameters:

  • html_entity_decode($string, $flags, $encoding):

    • $string: The string containing HTML entities that need to be decoded.

    • $flags: An optional parameter controlling the decoding process. Common options include:

      • ENT_COMPAT (default): Decodes double quotes but not single quotes.

      • ENT_QUOTES: Decodes both double and single quotes.

      • ENT_NOQUOTES: Does not decode any quotes.

    • $encoding: An optional parameter that specifies character encoding, defaulting to UTF-8.

Example: Decode All Quotes

If you want to decode all HTML entities in a string, including both single and double quotes, you can use the ENT_QUOTES flag:

<span><span><span class="hljs-variable">$string</span></span><span> = </span><span><span class="hljs-string">"It&amp;apos;s a &amp;quot;great&amp;quot; day!"</span></span><span>;  
</span><span><span class="hljs-variable">$decoded_string</span></span><span> = </span><span><span class="hljs-title function_ invoke__">html_entity_decode</span></span><span>(</span><span><span class="hljs-variable">$string</span></span><span>, ENT_QUOTES);  
</span><span><span class="hljs-keyword">echo</span></span><span> </span><span><span class="hljs-variable">$decoded_string</span></span><span>;  
</span></span>

Output:

<span><span>It</span><span><span class="hljs-symbol">&#039;s</span></span><span> a </span><span><span class="hljs-string">"great"</span></span><span> day!  
</span></span>

Application in Form Handling

Suppose you have a form where a user enters text containing HTML entities. Once submitted to the server, the data received may already be escaped as HTML entities. To properly display the form results, you’ll need to decode these entities. Using html_entity_decode() makes this easy.

Example: Handling Form Data

<span><span><span class="hljs-comment">// Assume submitted form data has already been escaped into HTML entities</span></span><span>  
</span><span><span class="hljs-variable">$submitted_data</span></span><span> = </span><span><span class="hljs-string">"Hello &amp;lt;strong&amp;gt;world&amp;lt;/strong&amp;gt;!"</span></span><span>;  
</span><span><span class="hljs-variable">$decoded_data</span></span><span> = </span><span><span class="hljs-title function_ invoke__">html_entity_decode</span></span><span>(</span><span><span class="hljs-variable">$submitted_data</span></span><span>);  
</span><span><span class="hljs-keyword">echo</span></span><span> </span><span><span class="hljs-variable">$decoded_data</span></span><span>;  
</span></span>

Output:

<span><span>Hello &lt;</span><span><span class="hljs-selector-tag">strong</span></span><span>&gt;world&lt;/</span><span><span class="hljs-selector-tag">strong</span></span><span>&gt;!  
</span></span>

By using html_entity_decode(), the escaped HTML entities are restored, and the content can be displayed correctly.

Conclusion

When working with forms, encoding and decoding HTML entities is a very common need, especially when handling user input. The html_entity_decode() function provides a simple and efficient way to convert HTML entities back to their corresponding characters, helping developers better control content rendering in form handling and data display.

By using html_entity_decode() properly, you can ensure that user-submitted text is displayed correctly after decoding, avoiding display issues or other problems caused by HTML entities.

  • Related Tags:

    HTML
Related
Latest Articles