Why does the PHP strip_tags() function delete data that is not tags? How to avoid this?

This code:

    $input = 'I love <3 PHP!';
    echo strip_tags($input);

Outputs:

 I love 

Is there a PHP function (or any custom function) that removes only tags (which means correctly closed tags), and not everything that is preceded by < ?

+4
3 answers

Why does the PHP strip_tags() function delete data that is not tags?

It errs on the side of security.

How to avoid this?

If you expect text input, use htmlspecialchars to display the < (and several others) characters instead of deleting them.

+1

Try htmlspecialchars; it will still show the tags, but they will be converted to HTML entities.

+1
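The htmlspecialchars advice from the two answers above, as an added example that is not part of the original posts: it compares strip_tags() with escaping on output, and with removing only complete tag-shaped sequences before escaping. The helper names `escape_for_html` and `strip_complete_tags_then_escape` are hypothetical, and the sample strings are constructed.

```php
<?php
declare(strict_types=1);

// Escape text for an HTML body or a quoted attribute value.
// Nothing is deleted: '<' becomes '&lt;', so "<3" survives as visible text.
function escape_for_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: remove only sequences shaped like a complete tag
// (<name ...> or </name>), then escape whatever is left.
// The regex is a display convenience, not a sanitizer. A single pass can
// leave a tag-shaped remainder behind, so the escaping step is what makes
// the result safe to print.
function strip_complete_tags_then_escape(string $text): string
{
    $withoutTags = preg_replace('~</?[A-Za-z][^<>]*>~', '', $text);

    // preg_replace() returns null on a PCRE error; fall back to the raw
    // input, which is still escaped below.
    return escape_for_html($withoutTags ?? $text);
}

// Constructed sample inputs.
$samples = [
    'I love <3 PHP!',                 // the case from the question
    '1 < 2 and 3 > 2',                // comparison operators in plain text
    'if a < b then <b>bold</b> text', // stray '<' followed by real tags
    '<b<b>>nested',                   // one pass leaves "<b>" behind
];

foreach ($samples as $sample) {
    printf("input        : %s\n", $sample);
    printf("strip_tags   : %s\n", strip_tags($sample));
    printf("escape only  : %s\n", escape_for_html($sample));
    printf("strip+escape : %s\n\n", strip_complete_tags_then_escape($sample));
}
```

Run it with the PHP CLI and compare the four lines printed for each input; the escaped variants are what belongs in an HTML page.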

Starting with PHP 5, the Tidy extension is usually available in most compiled binaries. This is not 100% effective, but can help you in this case. Tidy tries to close all unclosed HTML tags in a string. With it closed, you could ignore the required tag. Then you will need to cut the end tag, which would be neat.

Typical Documentation

    $str = tidy("I <3 PHP");
    // second param ignores the closed tag <3>
    $str = strip_tags($str, '<3>');
    $str = str_replace('<3>', '<3', $str);
    echo $str;
+1

Source: https://habr.com/ru/post/1482361/

