htmlspecialchars - Sanitize
Sanitize your inputs:

This is an example of using the HTML 'Buttons'.
We here build a row of tabs, that shows different content when the separate buttons are clicked.
You can easily add buttons by adding more lines in the HTML code you find here.
I use this very code on all the pages here on the
In this example we don't use PHP, so that button have been left out. But the site generally presents code in the different web developing languages; HTML, CSS, Javascript and PHP.


htmlspecialchars - Sanitize your inputs

If you are to save some text in a database. And it may contain some HTML characters, then for your own sake, you should strip of those characters. Both cause they can result in a bad query when writing to the database. Also, if you let your users input text to your database, you should strip of special characters beofre the tyext is written to the DB.
You do it by using this code.
Then when you want to present the text from the database you can 'decode' the string, and get all you apostrophes, single and double quotes, and other characters looking to the way it is written, in the original text, as in the text these characters are converted into the HTML character codes.
Such charater codes can look like this; ' what is the HTML code for an apostrophe.
It will then when seen in the browser be shown as an apostrophe.


 HTML Special Characters

 As you see it just takes a single code to strip of the tags. This is built in to PHP, and its a useful code to use.
 The example show the basic use of the htmlspecialchars code.

   $string = "Here is an example of text <strong>with <U>HTML</U> tags.</strong>";
echo htmlspecialchars($string);
And here is the same string, when it have been through the htmlspecialchars code.
"Here is an example of text &lt;strong&gt;with &lt;U&gt;HTML&lt;/U&gt; tags.&lt;/strong&gt;";
 And in the browser it will be seen as this;

 Here is an example of text <strong>with <U>HTML</U> tags.</strong>

 Showing the HTML tags but not parsing them in the browser.

So, as you read above, about 'htmlspecialchars', your text will be converted from containing HTML tags, into the source code, meaning that f.ex < as the tags begin with, will become &lt;, that is the HTML charactercode for that character. (LessThan).
So the <strong> tag will look like this: &lt;strong&gt;
But it will in the browser be shown this way; <strong>

As your HTML codes will be converted, what can we then do to get it back to as it was written?
To get all this sourcode back, we use the other half of this htmlspecialchars PHP code. Its called 'htmlspecialchars_decode', and will do that - decode the encoded string.

So your source code that now looks like this;

Here is an example of text &lt;strong&gt;with &lt;U&gt;HTML&lt;/U&gt; tags.&lt;/strong&gt;

That can be converted back to having the real tags, as written. This will mean that the code now will not be shown as sourcecode but as genuine HTML tags, so the line will look this way then;
Here is an example of text with HTML tags.

Icons made by Freepik from This snippet is in two parts. First turn all tags and code into charatercodes, and then; decode them.