If it can be stated very simply, is this the only difference between htmlspecialchars() and htmlentities() in PHP?

htmlspecialchars() will change < > & " into &lt; etc., and it will change ' into & #039; when ENT_QUOTES is set (a space is added here between & and # so that the forum won't render it as a single quote).

On the other hand, htmlentities() will look for all possible ways to convert the characters into &[something]; such as &eacute; whenever it can. That is mainly to deal with non-English characters. And that's it.

One more thing to note is that the string is assumed to be in ISO-8859-1 (as a default), which is 1 byte per character. http://en.wikipedia.org/wiki/ISO-8859-1#Codepage_layout

If the string is actually in UTF-8, then maybe htmlspecialchars() and htmlentities() will behave the same, supposedly to be used with the 3rd argument as "UTF-8" when calling the function, and it will convert just those plain & < > " ' characters and not touch the international characters, since they are already taken to be UTF-8 characters by the browser.
I see. I wasn't sure what it meant by "HTML character entity equivalents" (the line "all characters which have HTML character entity equivalents are translated into these entities" seemed quite abstract to me at first). So it actually means that any character that can be converted into the form of &[something]; such as &equiv; or &phi; or &copy; will be converted.
htmlspecialchars converts &, <, > and quotes depending on the quote style option set. htmlentities converts all characters that are in the HTML translation table of your PHP installation. To get your HTML translation table, run print_r(get_html_translation_table(HTML_ENTITIES));
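
The difference discussed in this thread, as an added example that is not part of the original posts. The input strings are constructed, the script is assumed to be saved as UTF-8, and the charset is passed explicitly so the result does not depend on the installation's default.

```php
<?php
// Added example; $input is constructed and the file is assumed to be saved as UTF-8.
$input = "<a href='x'>café & \"φ\" ©</a>";
$flags = ENT_QUOTES | ENT_HTML401;

// The same markup characters are escaped by both functions; only
// htmlentities() also rewrites é, φ and © as named entities.
$special  = htmlspecialchars($input, $flags, 'UTF-8');
$entities = htmlentities($input, $flags, 'UTF-8');
printf("htmlspecialchars: %s\nhtmlentities:     %s\n", $special, $entities);

// Both outputs decode back to the same string, so a browser renders them alike.
var_dump(html_entity_decode($special, $flags, 'UTF-8') === $input);
var_dump(html_entity_decode($entities, $flags, 'UTF-8') === $input);

// The two translation tables differ only in the non-markup characters.
$specTable = get_html_translation_table(HTML_SPECIALCHARS, $flags, 'UTF-8');
$entTable  = get_html_translation_table(HTML_ENTITIES, $flags, 'UTF-8');
printf("special: %d entries, entities: %d entries\n", count($specTable), count($entTable));
print_r($specTable);
print_r(array_slice(array_diff_key($entTable, $specTable), 0, 5, true));

// Declaring the wrong charset: each UTF-8 byte is treated as one ISO-8859-1
// character, so a multi-byte character comes out as a pair of unrelated entities.
echo htmlentities("café", $flags, 'ISO-8859-1'), PHP_EOL;

// Bytes that are not valid in the declared charset: the result is an empty
// string unless ENT_SUBSTITUTE is set, which inserts U+FFFD instead.
$latin1 = "caf\xE9";   // é encoded as ISO-8859-1, not UTF-8
var_dump(htmlspecialchars($latin1, $flags, 'UTF-8'));
var_dump(htmlspecialchars($latin1, $flags | ENT_SUBSTITUTE, 'UTF-8'));
```

The last two cases are the ones to check in real code: the charset argument has to match the actual encoding of the string, otherwise the output is either mangled or silently empty.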