,&, quotes and characters above 127 if (function_exists('mb_convert_encoding')) { $display_query = mb_convert_encoding($value, 'HTML-ENTITIES', 'UTF-8'); } else { // if no mbstring extension, we just strip characters $display_query = preg_replace("/[^\x01-\x7F]/", "", $value); } $display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); ?>