Menu
H
HomeA
AptitudeE
EnglishR
ReasoningD
DIG
GKC
Current AffairsI
Interview- Computer
C
Computer FundamentalsN
NetworkingS
SQLD
Database
- Programming
C
C ProgramJ
Java ProgramH
HTMLC
CSSJ
JavascriptP
PHP Program
- Engineering
C
Computer ScienceE
Electrical EngineeringM
Mechanical EngineeringC
Civil EngineeringC
- More
B
Banking AwarenessC
CommerceM
Management
A
Ask Question
- Home
- Aptitude
- English
- Reasoning
- DI
- GK
- Current Affairs
- Interview
- Computer
- Computer Fundamentals
- Networking
- SQL
- Database
- Programming
- C Program
- Java Program
- HTML
- CSS
- Javascript
- PHP Program
- Engineering
- Computer Science
- Electrical Engineering
- Mechanical Engineering
- Civil Engineering
- Chemical Engineering
- More
- Banking Awareness
- Commerce
- Management
- Ask Question
Join The Discussion
Related Questions on HTML Forms Handling
[PHP 4, PHP 5, PHP 7, PHP 8]
strip_tags — Strip HTML and PHP tags from a string
mariusz.tarnaski at wp dot pl ¶
13 years ago
Hi. I made a function that removes the HTML tags along with their contents:
Result for strip_tags[$text]:
Result for strip_tags_content[$text]:
Result for strip_tags_content[$text, '']:
Result for strip_tags_content[$text, '', TRUE];
I hope that someone is useful :]
Function:
Sample text:
$text = 'sample text with
sample text with tags
text with
sample text with
text with
bzplan at web dot de ¶
9 years ago
a HTML code like this:
with
... the result is:
$str = 'color is bluesize is huge
material is wood';
notice: the words 'blue' and 'size' grow together :[
and line-breaks are still in new string $str
if you need a space between the words [and without line-break]
use my function:
... the result is:
$str = 'color is blue size is huge material is wood';
the function:
the KEY is the regex pattern: '/]*>/'
instead of strip_tags[]
... then remove control characters and multiple spaces
:]
doug at exploittheweb dot com ¶
7 years ago
"5.3.4 strip_tags[] no longer strips self-closing XHTML tags unless the self-closing XHTML tag is also given in allowable_tags."
This is poorly worded.
The above seems to be saying that, since 5.3.4, if you don't specify "
" in allowable_tags then "
" will not be stripped... but that's not actually what they're trying to say.
What it means is, in versions prior to 5.3.4, it "strips self-closing XHTML tags unless the self-closing XHTML tag is also given in allowable_tags", and that since 5.3.4 this is no longer the case.
So what reads as "no longer strips self-closing tags [unless the self-closing XHTML tag is also given in allowable_tags]" is actually saying "no longer [strips self-closing tags unless the self-closing XHTML tag is also given in allowable_tags]".
i.e.
pre-5.3.4: strip_tags['Hello World
','
'] => 'Hello World
' // strips
because it wasn't explicitly specified in allowable_tags
5.3.4 and later: strip_tags['Hello World
','
'] => 'Hello World
' // does not strip
because PHP matches it with
in allowable_tags
Dr. Gianluigi "Zane" Zanettini ¶
6 years ago
A word of caution. strip_tags[] can actually be used for input validation as long as you remove ANY tag. As soon as you accept a single tag [2nd parameter], you are opening up a security hole such as this:
Plus: regexing away attributes or code block is really not the right solution. For effective input validation when using strip_tags[] with even a single tag accepted, //htmlpurifier.org/ is the way to go.
stever at starburstpublishing dot com dot au ¶
6 years ago
Since strip_tags does not remove attributes and thus creates a potential XSS security hole, here is a small function I wrote to allow only specific tags with specific attributes and strip all other tags and attributes.
If you only allow formatting tags such as b, i, and p, and styling attributes such as class, id and style, this will strip all javascript including event triggers in formatting tags.
Note that allowing anchor tags or href attributes opens another potential security hole that this solution won't protect against. You'll need more comprehensive protection if you plan to allow links in your text.
abe ¶
1 year ago
Note, strip_tags will remove anything looking like a tag - not just tags - i.e. if you have tags in attributes then they may be removed too,
e.g.