public static function String::format

Formats a string for HTML display by replacing variable placeholders.

This function replaces variable placeholders in a string with the requested values and escapes the values so they can be safely displayed as HTML. It should be used on any unknown text that is intended to be printed to an HTML page (especially text that may have come from untrusted users, since in that case it prevents cross-site scripting and other security problems).

In most cases, you should use t() rather than calling this function directly, since it will translate the text (on non-English-only sites) in addition to formatting it.

Parameters

$string: A string containing placeholders.

$args: An associative array of replacements to make. Occurrences in $string of any key in $args are replaced with the corresponding value, after optional sanitization and formatting. The type of sanitization and formatting depends on the first character of the key:

  • @variable: Escaped to HTML using String::checkPlain(). Use this as the default choice for anything displayed on a page on the site.
  • %variable: Escaped to HTML and formatted using String::placeholder(), which makes it display as <em>emphasized</em> text.
  • !variable: Inserted as is, with no sanitization or formatting. Only use this for text that has already been prepared for HTML display (for example, user-supplied text that has already been run through String::checkPlain() previously, or is expected to contain some limited HTML tags and has already been run through filter_xss() previously).

Return value

mixte The formatted string with placeholders inserted, or FALSE if no args specified.

See also

t()

Related topics

Sanitization functions
Functions to sanitize values.
10 calls to String::format()
AggregatorRenderingTest::testFeedPage in drupal/core/modules/aggregator/lib/Drupal/aggregator/Tests/AggregatorRenderingTest.php
Creates a feed and checks that feed's page.
ConfigTestController::edit in drupal/core/modules/config/tests/config_test/lib/Drupal/config_test/ConfigTestController.php
Presents the ConfigTest edit form.
ConfigTestDeleteForm::submitForm in drupal/core/modules/config/tests/config_test/lib/Drupal/config_test/Form/ConfigTestDeleteForm.php
Form submission handler.
format_string in drupal/core/includes/bootstrap.inc
Formats a string for HTML display by replacing variable placeholders.
StringTest::testFormat in drupal/core/tests/Drupal/Tests/Component/Utility/StringTest.php
Tests string formatting with String::format().

... See full list

File

drupal/core/lib/Drupal/Component/Utility/String.php, line 89
Contains \Drupal\Component\Utility\String.

Class

String
Provides helpers to operate on strings.

Namespace

Drupal\Component\Utility

Code

public static function format($string, array $args = array()) {

  // Transform arguments before inserting them.
  foreach ($args as $key => $value) {
    switch ($key[0]) {
      case '@':

        // Escaped only.
        $args[$key] = static::checkPlain($value);
        break;
      case '%':
      default:

        // Escaped and placeholder.
        $args[$key] = static::placeholder($value);
        break;
      case '!':
    }
  }
  return strtr($string, $args);
}