Strip_tags() – Less Than you Bargained For

While this may be handy for removing HTML from a string, be forewarned that the function is a lot less picky than you may think when it comes to the less than symbol ( < ). First, the section from the PHP book:


strip_tags($string [, allowed_tags])

allowed_tags – [optional] $string

Remove HTML tags and comments from $string. If specific tags should be
excluded, they can be specified inside allowed_tags.

Examples:
$string = "<p>This is a paragraph. </p><strong>Yay!</strong>";
echo strip_tags($string), strip_tags($string, '<p>');

HTML Source Code:

This is a paragraph. Yay!
<p>This is a paragraph. </p>Yay!


So what happens to the following example, when we want to remove all the tags? Fair warning, something strange happens:

$string = "I love this book because it costs <$20.";
echo strip_tags($string);

HTML Source Code:

I love this book because it costs

As you can see, it removed the <$20 portion of the string as well, even without a closing greater-than symbol ( > ) at the end. Be careful when using strip_tags(), especially without specifying the allowed tags, or consider an alternative such as htmlspecialchars(), which encodes the characters into their HTML entity equivalents rather than removing them.
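
The following is an added example, not code from the original post or the PHP book. It prints what strip_tags() and htmlspecialchars() each do to the same inputs and flags the inputs where strip_tags() deleted visible text rather than markup. The helper names and every sample string except the first are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example; helper names and sample strings are constructed.

// Encode for an HTML text or quoted-attribute context: nothing is deleted,
// "<" becomes "&lt;" and the visitor still sees the original characters.
function encode_for_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Remove only well-formed comments and tags whose name starts with a letter.
// Used as a baseline to see what strip_tags() deleted beyond real markup.
function strip_wellformed_markup(string $s): string
{
    return preg_replace('~<!--.*?-->|</?[a-zA-Z][^<>]*>~s', '', $s) ?? $s;
}

// True when strip_tags() removed more than the baseline did, i.e. it
// dropped visible text and not just markup.
function strip_tags_loses_text(string $s): bool
{
    return strip_tags($s) !== strip_wellformed_markup($s);
}

$samples = [
    'I love this book because it costs <$20.', // the example from the post
    '<p>Plain <em>markup</em> only.</p>',      // constructed
    'Valid when x<5 and y>3',                  // constructed
    'Spaced out: 3 < 5',                       // constructed
];

foreach ($samples as $s) {
    printf("input      : %s\n", $s);
    printf("strip_tags : %s\n", strip_tags($s));
    printf("encoded    : %s\n", encode_for_html($s));
    printf("text lost  : %s\n\n", strip_tags_loses_text($s) ? 'yes' : 'no');
}
```

Run it from the command line (php file.php) so the encoded output is shown as entities rather than rendered by a browser.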
