- htmlentities: documentation (source)
- html_entity_decode: documentation (source)
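<?php
// Demonstrates HTML entity encoding of untrusted text and why the decoded
// form must never be written into a page without being encoded again.

// Sample untrusted input that contains markup.
$input = "Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!";

// Encode for the HTML body context. ENT_QUOTES also encodes single quotes,
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning an
// empty string, and the charset is stated explicitly rather than relying on
// the default_charset ini setting.
$encoded = htmlentities($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// html_entity_decode() reverses the encoding, so $decoded holds the raw
// "<script>" markup again and is only safe to use outside of HTML output.
$decoded = html_entity_decode($encoded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

echo "This is what's sent in the html source... so the browser doesn't actually recognize it as a script.";
// Encoded a second time so the entities themselves (&lt;script&gt;...) are
// visible on the rendered page instead of being turned back into brackets.
echo htmlentities($encoded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

echo "This is what it looks like on screen to the user.";
// The original echoed $decoded directly, which puts a live <script> element
// into the response. The browser decodes entities when it renders text, so
// re-encoding $decoded shows the brackets on screen without creating a tag.
echo htmlentities($decoded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>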