In the last movie, we saw how to use PHP to encode values for use in the URL string. And that's because there are certain characters that have special meaning when they're used in the URL. There's another place where we have to watch out for reserved characters, to make sure we don't end up with unintended consequences. And that's in the HTML. Here's a sample block of HTML. Now, there are reserved characters in HTML that have special meaning. Most notably, the less than and greater than signs that surround the HTML tags. These characters indicate to HTML that everything inside here is an instruction for HTML. This is something that you should follow, and use for your formatting. But don't output it to the end user.
They won't actually see the results of those tags. It's just for the HTML's benefit. We want to take care that we don't output strings with characters that have special meaning to HTML, or we'll break the HTML or break our text. Imagine, for example, that in our paragraph of text there, we had a literal less than sign that we wanted to output to the screen. As HTML is reading it, it's going to come across that less than sign and think that that's the beginning of a tag. And it will interpret everything after that as being part of a tag until it gets to a closing greater than sign. So you can see how it would break it.
There are 4 characters that are reserved characters in HTML. They're the less than sign, the greater than sign, the ampersand, and the double quote. Mostly it's going to be the less than and greater than sign that we're most concerned with. But we're going to go ahead and take care of all four of these. So that they don't cause problems for us. Now the way that we'll do that is we're going to encode them. It's the same strategy that we used with the URL string. But it's completely different. Different set of characters, different encoding. But the idea is the same. We're rendering them harmless. When we encode them for HTML we're going to do the encoding differently.
We're going to encode them into their HTML character entities. You may remember from HTML there's these character entities. They're defined by an ampersand at the beginning, a semicolon at the end and some abbreviation in the middle to indicate what character it is. HTML sees these and displays them correctly to the user, but it does know the difference between the encoded entity and the regular symbol. So, for example, the less than sign becomes &lt;. HTML sees &lt; and outputs to the user a <, but it does not then see that < as being part of the tag.
We can encode HTML using two functions of PHP. The first one we'll look at is HTML special chars, short for characters. And the other one is HTML entities. So let's try them both. So to start with let's open up basic.html. Let's use Save As and we'll save this as HTML encoding.PHP. There we go, HTML encoding. Now, let's first illustrate the problem. Let's say that we have a link. A href equals, and inside that link we're going to have text, and that text is going to say Click inside less than, greater than signs and learn more. That's the text that we would like to output to the user. We would like the user to see that literal text, but HTML is going to come along and it's going to read this and it's going to say, wait a minute. This is a less than sign.
This must be the beginning of a tag. When it gets to the greater than sign, it's going to say, okay, that must be the end of the tag. So, therefore this must be a tag. This is an instruction for me. Not part of the text. Let's see what that looks like. Let's save it. Come back over here. HTML encoding.PHP. And notice that click doesn't show up, because tags don't show up. We don't see a body tag, we don't see an "A" tag, those are just instructions for HTML. So, it thinks that's what this is and it doesn't output it to the user. Even worse, let's take away the second one, let's save it again.
Now HTML is going to read it and think that all of this is one tag. All the way, until it gets to the greater than sign again. Reload the page, and you'll see that, sure enough, nothing now outputs. So this can cause a lot of problems for us. So what we need to do is encode it. We're going to use our PHP to do that. So let's start with PHP and we'll have linked text equals, and then I'm just going to take all of this and cut it and drop it into a string here. And then we'll output it using PHP Linktext. Now I haven't done anything different here except move the code into PHP.
That's it. There's no encoding happening, we could reload the page and we'd see the exact same thing. Now though, let's try encoding and we're going to use that HTML special chars. What that's going to do is encode those four special characters for us. We've got three of those here. We've got the less than, we've got the greater than, and we've got the ampersand. Now, notice this does the encoding. It's not going to actually output them for us. We still need to have the echo, very important. So let's save it, let's go back and look at it. And sure enough, that's exactly what we expected.
That's the link that we wanted users to see on the screen. We wanted them to see the less than sign. If we go to Tools > Web Developer > Page Source, here we are, you can see that it converted them to their character entities. See how that works? That rendered them harmless. HTML was able to see that that was different than an instruction that it should process. Now there's also another function called HTML special chars decode, if you ever needed to decode it for any reason. But we typically don't, because if we're just outputting it to HTML, it's built into the HTML to do that decoding for us. To decode character entities into something that we can send back to the user, that's built in.
So that's really all there is to HTML special chars. Let's talk about HTML entities. It works just like HTML special chars does, but the difference is that all characters that have an equivalent HTML entity are translated into those entities. HTML special chars just does those four. But there's a lot of HTML character entities: bullets, en dashes, trademark symbols, copyright symbols, foreign currency symbols, accented characters. All of those have HTML entities. Let's try an example with those real quick. I'm going to come back over here. I'll make a br tag.
And let's do a new block of PHP. And in it, I'm just going to put text equals and I'm going to put some special characters in here. I've got the trademark symbol, the pound, the bullet, an opening curly double quote, an en dash, and an accented e. Those are just a few, you can try typing others yourself. So to start with, let's just echo back text, to just see what that looks like. So I'll go back over here, and we'll reload the page. Look at that, it gave me some gobbledygook, right? Not at all what I intended. Those are not the characters that I had in mind.
These are called high ASCII characters and they're handled a little differently. But, if we use our HTML entities on it, it will now grab all of those and encode them into their HTML entity equivalent. Let's come back over here. Reload the page. And there you go. Now we see we have the correct ones. And sure enough if you go to View Page Source, you'll see that it's converted them all into their equivalent entities. So, HTML entities does more than HTML special chars does. It does not just those four, it does all of them. HTML special chars are the ones that you really have to do so that you don't break your page. HTML entities are the ones that you're going to want to do just to have nice looking text.
So that's the kind of thing if you have a paragraph, and it might include some of these characters, then HTML entities would be an appropriate thing to use there. But not doing it won't break your HTML, it just might make your text look a little funny. Alright, so now that we know about URL encoding, and we know about HTML encoding. I want us to take a look at how this all fits together, because it's important to understand how the two work in conjunction. I'm going to give you just a big block here, laying out the differences, what to use when. So I'm going to have a URL page. A simple URL, then I'm going to have a parameter, and that parameter is going to have some characters in it that HTML doesn't like.
Then I'm going to have parameter 2, which has some characters that the URL string doesn't like. And then link text is going to be the same thing we just had. Click and learn more. So let's construct a URL from that. We're going to take the base of the URL. We're going to append to that, raw URL encoded, the URL page. Everything that goes to the left of the question mark uses raw URL encode. Everything that goes to the right of the question mark is going to get just URL encoded. So we do that to both of our parameters. At this point now our variable, URL, is safe to put into the query string. It's okay to use as a URL.
We can use it for our link. And it won't break the URL string. But it's not necessarily safe for the HTML. And we're about to output it into the HTML. Well, if we just echoed it into our href attribute then it could cause a problem, and break our HTML. Depending on what characters are there. So we also need to use HTML special chars here to make sure that it is not going to break the html when the link is first displayed, before it's clicked on. Up here we've taken care of after it's clicked on. This takes care of it before it's clicked on.
And the text that we're going to use, we also want to use HTML special chars on.
And of course, we want to echo it both times.
So let's save it. Let's come back over here. Let's reload the page. Let me just put a tag up here to make it look a little nicer. There we go. Click & learn more, and that link won't go anywhere because that page doesn't exist, but you can see it at the bottom. You can see what it's going to load up. And you can see that it's perfectly safe, that this is going to be perfectly fine. It has encoded all of them that it needs for the URL string. So it's important to keep the differences straight and to understand why you're doing each one. You need to make sure that the URL is going to be safe. And then, if you're going to put it into your HTML, you want to make sure that it's safe to put it in your HTML as well.
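The two encoding layers described above, put together as an added example (this is not the course's exercise file). The base URL, page name, parameter values and the `h()` helper are constructed for illustration.

```php
<?php
// Added example: all values below are constructed sample data.
$url_page = 'my page.php';                  // contains a space
$param1   = 'a string with < and >';        // characters HTML treats as special
$param2   = '& # ? = + are reserved';       // characters the URL treats as special
$linktext = '<Click> & learn more';

// Layer 1: make each piece safe for the URL.
// Left of the "?" uses rawurlencode(); each value right of it uses urlencode().
$url  = 'http://localhost/';
$url .= rawurlencode($url_page);
$url .= '?param1=' . urlencode($param1);
$url .= '&param2=' . urlencode($param2);

// $url is now a valid URL, but the literal "&" joining the two parameters
// is still a reserved character in HTML, so the finished URL needs a
// second pass before it is written into the page.

// Layer 2: make every string safe for the HTML it is echoed into.
// ENT_QUOTES also encodes the single quote, which goes one character
// beyond the four discussed above and covers single-quoted attributes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}
?>
<!-- Unencoded: the browser reads <Click> as a tag and drops it -->
<a href="<?php echo $url; ?>"><?php echo $linktext; ?></a>
<br />
<!-- Encoded: the href and the link text are both passed through h() -->
<a href="<?php echo h($url); ?>"><?php echo h($linktext); ?></a>
```

Viewing the page source shows the difference between the two links: in the second one the `&` between parameters and the `<`, `>` and `&` in the link text appear as character entities, while the percent-encoding from the first layer is left untouched.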