PHP strip_tags()

Introduction

In PHP, the strip_tags() function is a useful tool for sanitizing and cleaning up HTML or XML tags from a given string. It allows developers to remove any HTML or XML tags from the input and retrieve the plain text content.

The primary purpose of strip_tags() is to prevent potential security vulnerabilities, such as cross-site scripting (XSS) attacks, by removing any HTML or XML tags that may be present in user-generated content. By stripping these tags, it ensures that only the plain text remains, eliminating any potentially malicious code or formatting that could affect the integrity of the output.

The strip_tags() function takes a string as input and removes all HTML and XML tags, leaving only the textual content. Additionally, you can specify certain tags to be allowed and preserved, by passing them as the second parameter to the function. This feature can be handy when you want to allow specific tags while removing the rest.

The strip_tags() function is commonly used when processing user-generated content, such as comments, forum posts, or form inputs. It helps maintain data integrity, enhances security, and ensures that the output is clean and free from any potentially harmful tags.

It's important to note that while strip_tags() removes tags, it does not perform any additional sanitization or validation of the remaining content. If you require stricter data validation or additional cleaning, it is recommended to use other functions or techniques specifically designed for that purpose.

The strip_tags() function in PHP provides a convenient way to remove HTML and XML tags from a string, ensuring that the output contains only plain text. It is a valuable tool for sanitizing user-generated content, enhancing security, and preventing potential vulnerabilities.

Syntax strip_tags() Function in PHP

The syntax of the strip_tags() function in PHP is as follows:

The strip_tags() function accepts two parameters:

• $str (required): This parameter specifies the input string from which you want to remove the tags. It can be a variable, a string literal, or an expression.

• $allowable_tags (optional): This parameter allows you to specify a list of tags that you want to preserve in the string. If specified, only the tags listed in $allowable_tags will be retained, and all other tags will be removed. The tags should be provided as a string, with each tag separated by a space.

Run the above code in your editor for a better and clear explanation.

Parameter Values of strip_tags() Function in PHP

The strip_tags() function in PHP accepts two parameters: $str and $allowable_tags. Here are the possible values for each parameter:

$str (required):

• Value: A string that represents the input from which you want to remove tags.
• Example: $str = "<p>Hello, <strong>PHP</strong> is <em>awesome</em>!</p>";

Run the above code in your editor for a better and clear explanation.

$allowable_tags (optional):

• Value: A string containing the tags that you want to preserve while removing all other tags. Tags should be separated by spaces.

• Example: $allowable_tags = "<strong><em>";

Run the above code in your editor for a better and clear explanation.

The $str parameter is required and represents the input string from which you want to strip the tags. The $allowable_tags parameter is optional and allows you to specify a list of tags that you want to preserve.

When $allowable_tags is not provided or set to null (default), strip_tags() removes all HTML and PHP tags from the input string.

Return Value of strip_tags() Function in PHP

The strip_tags() function in PHP returns a new string that is the input string with all HTML and PHP tags removed. The return value is always a string.

If the input string contains HTML or PHP tags, the strip_tags() function removes them and returns the resulting string with only plain text remaining. Any content within the tags, such as text or attributes, is discarded.

Here's an example to illustrate the return value of strip_tags():

Output

Explanation

In this example, the $input string contains HTML tags. The strip_tags() function is applied to remove the tags, and the resulting clean string is stored in the $output variable. The echo statement displays the value of $output. Run the above code in your editor for a better and clear explanation.

Return Type of strip_tags() Function in PHP

The strip_tags() function in PHP always returns a string. Regardless of the input provided or the presence of tags, the return type of strip_tags() is always a string.

When the function is called and the input string contains HTML or PHP tags, the function removes the tags and returns the resulting string with only plain text remaining.

Here's an example to demonstrate the return type of strip_tags():

Output

Explanation

In this example, the strip_tags() function is applied to the $input string, which contains HTML tags. The resulting string with tags removed is stored in the $output variable. The var_dump() function is used to display the value and the data type of $output. The var_dump() output confirms that the return type of strip_tags() is a string, as indicated by the (string) before the string value. Run the above code in your editor for a better and clear explanation.

PHP Version

The strip_tags() function is available in all PHP versions, starting from PHP 4.0.1. It is a built-in function in PHP and can be used in any PHP version, including the latest versions like PHP 8.

Regardless of the PHP version you are using, you can safely utilize the strip_tags() function to remove HTML and PHP tags from a given string. It is a widely used function for sanitizing user input and ensuring the security and integrity of content displayed or stored in PHP applications.

It's worth noting that while the strip_tags() function itself remains consistent across PHP versions, there might be other changes or improvements introduced in different PHP versions that impact overall PHP functionality or introduce new features. It is always recommended to keep your PHP version up to date to leverage the latest enhancements, security patches, and bug fixes.

Exceptions

In PHP, the strip_tags() function does not throw any exceptions. It is a simple function that sanitizes a string by removing HTML and PHP tags. If any errors occur during the execution of strip_tags(), they are typically reported as warnings or notices, but they do not halt the execution of the script.

Instead of throwing exceptions, strip_tags() handles errors by returning the modified string or the original string if no tags were present. It is important to note that strip_tags() does not validate or check the correctness of HTML tags or their attributes.

To handle any potential errors or issues related to strip_tags(), you can utilize PHP's error handlings mechanisms, such as error reporting levels and custom error handlers. These approaches allow you to control how errors are handled and display appropriate error messages to users or log them for debugging purposes.

Examples of PHP strip_tags() Function

Example 1: Basic Usage

Output

Explanation

In this example, the strip_tags() function removes all HTML tags from the $input string and assigns the result to the $output variable. The resulting string is then echoed, displaying only the plain text. Run the above code in your editor for a better and clear explanation.

Example 2: Preserving Specific Tags

Output

Explanation

Here, the $input string contains HTML tags. By specifying the <strong> tag as the second argument of strip_tags(), only that tag is preserved, while other tags are removed. The resulting string is then echoed, maintaining the <strong> tag. Run the above code in your editor for a better and clear explanation.

Example 3: Removing PHP Tags

Output

Explanation

In this example, the $input string includes PHP tags. The strip_tags() function removes the tags, leaving the PHP code intact. The resulting string is then echoed, displaying the PHP code without the tags. Run the above code in your editor for a better and clear explanation.