esc_html()
Escaping for HTML blocks. Converts <, >, &, ", ' characters to HTML entities.
| Character | Replacement |
|---|---|
| & (Ampersand) | &amp; |
| " (Double Quote) | &quot; |
| ' (Single Quote) | &#039; |
| < (Less-than) | &lt; |
| > (Greater-than) | &gt; |
The function also checks the text for an incorrect UTF-8 encoding and, if possible, fixes it.
To do the reverse and decode HTML entities back into characters, use wp_specialchars_decode().
If we pass an array to this function, the array will be destroyed:
$arr = array( 5, 6 );
$arr = esc_html( $arr ); // $arr is a string "Array"
The function is based on htmlspecialchars() but changes its default parameters: htmlspecialchars() double-encodes entities that are already present in the text, while esc_html() does not:
echo esc_html( '& - &amp;' ); //> &amp; - &amp;
echo htmlspecialchars( '& - &amp;' ); //> &amp; - &amp;amp;
esc_html() is a replacement for the deprecated function wp_specialchars().
Used By: esc_html__(), esc_html_e()
1 time — 0.000037 sec (very fast) | 50000 times — 0.27 sec (very fast) | PHP 7.0.2, WP 4.4.1
Hooks from the function
Returns
String. Converted text.
Usage
esc_html( $text );
- $text(string) (required)
- Raw text for conversion.
Examples
#1 Simple example
$text = "<p><b> This \"Makes Sense\" & 'Makes Sense'!</b></p>";
echo esc_html( $text );
/* result:
&lt;p&gt;&lt;b&gt; This &quot;Makes Sense&quot; &amp; &#039;Makes Sense&#039;!&lt;/b&gt;&lt;/p&gt;
*/
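The array behaviour described above means a list of values has to be escaped item by item. The following is an added example, not part of the original page or of WordPress itself: demo_esc_html_deep() and the sample data are hypothetical, and the esc_html() stand-in is an assumption that only approximates the real function so the code also runs outside WordPress.

```php
<?php
// Stand-in so the example runs outside WordPress (assumption: approximates
// esc_html() with htmlspecialchars(), ENT_QUOTES and no double encoding).
if ( ! function_exists( 'esc_html' ) ) {
	function esc_html( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8', false );
	}
}

/**
 * Hypothetical helper: escape every scalar leaf of $value for HTML output.
 * Arrays are walked instead of being passed to esc_html(), which would
 * collapse them to the string "Array".
 */
function demo_esc_html_deep( $value ) {
	if ( is_array( $value ) ) {
		return array_map( 'demo_esc_html_deep', $value );
	}
	if ( is_scalar( $value ) ) {
		return esc_html( (string) $value );
	}
	return ''; // null, objects, resources: nothing safe to print
}

// Constructed sample input, e.g. values from a multi-select form field.
$tags = array(
	'<script>alert(1)</script>',
	'Tom & "Jerry"',
	array( "it's nested", 42 ),
);

$safe = demo_esc_html_deep( $tags );

// Each leaf is now safe to place between HTML tags.
echo "<ul>\n";
array_walk_recursive( $safe, function ( $item ) {
	echo "\t<li>{$item}</li>\n";
} );
echo "</ul>\n";
```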
Changelog
| Since 2.8.0 | Introduced. |
esc_html() code WP 6.9.1
function esc_html( $text ) {
	$safe_text = wp_check_invalid_utf8( $text );
	$safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
	/**
	 * Filters a string cleaned and escaped for output in HTML.
	 *
	 * Text passed to esc_html() is stripped of invalid or special characters
	 * before output.
	 *
	 * @since 2.8.0
	 *
	 * @param string $safe_text The text after it has been escaped.
	 * @param string $text      The text prior to being escaped.
	 */
	return apply_filters( 'esc_html', $safe_text, $text );
}