- htmlentities: documentation (source)
- html_entity_decode: documentation (source)
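<?php
// Demonstrates output encoding as a cross-site-scripting defence: markup that
// arrives from an untrusted source is converted to HTML entities before it is
// written out, so a browser renders it as text instead of parsing it as a tag.
//
// Entity encoding is the right escape for HTML text and quoted attribute
// values only. Data placed inside a <script> block, a URL or a CSS value needs
// the encoder for that context instead.

// Flags and charset are passed explicitly rather than left to the defaults,
// which differ between PHP versions (before 8.1 the default was ENT_COMPAT,
// which leaves single quotes unencoded). ENT_SUBSTITUTE replaces invalid byte
// sequences with U+FFFD instead of returning an empty string.
$entityFlags = ENT_QUOTES | ENT_SUBSTITUTE;

$encoded = htmlentities(
    "Hey I am a nefarious hacker! Look at my brackets! <script>HAHAHA</script>!",
    $entityFlags,
    'UTF-8'
);

// Decoding reverses the step above. It is used here only to simulate, on a
// text console, what a browser displays once it has interpreted the entities.
$decoded = html_entity_decode($encoded, $entityFlags, 'UTF-8');

echo "This is what's sent in the html source... so the browser doesn't actually recognize it as a script.\n";
echo $encoded;
echo "\n\nThis is what it looks like on screen to the user.\n";
// NOTE(review): $decoded is the original raw markup again. Printing it is only
// harmless when this script runs on the command line; in a response served to
// a browser this line would emit a live <script> element and undo the
// encoding. Only $encoded belongs in an HTML response.
echo $decoded;
?>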