function check_plain

Encodes special characters in a plain-text string for display as HTML.

Also validates strings as UTF-8 to prevent cross site scripting attacks on Internet Explorer 6.


string $text: The text to be checked or processed.

Return value

string An HTML safe version of $text. If $text is not valid UTF-8, an empty string is returned and, on PHP < 5.4, a warning may be issued depending on server configuration (see

See also


Related topics

188 calls to check_plain()
aggregator_block_view in modules/aggregator/aggregator.module
Implements hook_block_view().
aggregator_categorize_items in modules/aggregator/
Form constructor to build the page list form.
aggregator_form_feed in modules/aggregator/
Form constructor for adding and editing feed sources.
block_admin_display_form in modules/block/
Form constructor for the main block administration form.
block_form_user_profile_form_alter in modules/block/block.module
Implements hook_form_FORM_ID_alter() for user_profile_form().

... See full list

11 string references to 'check_plain'
aggregator_form_opml in modules/aggregator/
Form constructor for importing feeds from OPML.
block_admin_configure in modules/block/
Form constructor for the block configuration form. in includes/
Functions that need to be loaded on every Drupal request.
filter_admin_format_form in modules/filter/
Form constructor for the text format add/edit form.
filter_admin_overview in modules/filter/
Page callback: Form constructor for a form to list and reorder text formats.

... See full list


includes/, line 1910


function check_plain($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.