Strip_tags() – Less Than you Bargained For

While strip_tags() is handy for removing HTML from a string, be forewarned that the function is a lot less picky than you may think when it comes to the less-than symbol ( < ). First, the section from the PHP book:

strip_tags($string [, allowed_tags])

allowed_tags – [optional] $string

Remove HTML tags and comments from $string. If specific tags should be
excluded, they can be specified inside allowed_tags.

$string = "<p>This is a paragraph. </p><strong>Yay!</strong>";
echo strip_tags($string), strip_tags($string, '<p>');

HTML Source Code:

This is a paragraph. Yay! <p>This is a paragraph. </p>Yay!

So what happens in the following example, where we want to remove all the tags? Fair warning, something strange happens:

$string = "I <strong>love</strong> this book because it costs <$20.";
echo strip_tags($string);

HTML Source Code:

I love this book because it costs

As you can see, it removed the <$20 portion of the string as well, even though there is no closing greater-than ( > ) symbol at the end. Be careful when using strip_tags(), especially without specifying the allowed tags, or consider using an alternative such as htmlspecialchars() to encode the characters into their HTML entity equivalents rather than removing them.
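The comparison described above, as an added example that is not part of the original post or the PHP book. The helper names encode_for_html() and strip_tags_lost_text() are hypothetical, and all sample strings except the first are constructed.

```php
<?php
// First sample is the post's own string; the rest are constructed for illustration.
// Single quotes are used so that $20 is never treated as a variable.
$samples = [
    'I <strong>love</strong> this book because it costs <$20.',
    'Use the fast path if x<y, otherwise skip it',
    'Score: 3 < 5',
    '<p>This is a paragraph. </p><strong>Yay!</strong>',
];

/**
 * Hypothetical helper: encode text for an HTML body or attribute context
 * instead of deleting characters, so a literal "<" survives as "&lt;".
 */
function encode_for_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Hypothetical helper: rough check for whether strip_tags() removed more
 * than complete <...> tags. It deletes only well-formed tag-like runs with
 * a regex and compares the result with what strip_tags() returned.
 * This is a heuristic for plain text with simple tags, not an HTML parser.
 */
function strip_tags_lost_text(string $text): bool
{
    $withoutCompleteTags = preg_replace('/<[^<>]*>/', '', $text);
    return strip_tags($text) !== $withoutCompleteTags;
}

foreach ($samples as $s) {
    printf(
        "input   : %s\nstripped: %s\nencoded : %s\nlost text beyond tags: %s\n\n",
        $s,
        strip_tags($s),
        encode_for_html($s),
        strip_tags_lost_text($s) ? 'yes' : 'no'
    );
}
```

Run it from the command line with the PHP CLI to see the stripped and encoded forms side by side for each input.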
