Essential PHP

Stripping Tags

suggest change

strip_tags is a very powerful function if you know how to use it. As a method to prevent cross-site scripting attacks there are better methods, such as character encoding, but stripping tags is useful in some cases.

Basic Example 

$string = '<b>Hello,<> please remove the <> tags.</b>';

echo strip_tags($string);

Raw Output 

Hello, please remove the tags.

Allowing Tags

Say you wanted to allow a certain tag but no other tags, then you’d specify that in the second parameter of the function. This parameter is optional. In my case I only want the <b> tag to be passed through. 

$string = '<b>Hello,<> please remove the <br> tags.</b>';

echo strip_tags($string, '<b>');

Raw Output 

<b>Hello, please remove the  tags.</b>

Notice(s)

HTML comments and PHP tags are also stripped. This is hardcoded and can not be changed with allowable_tags.

In PHP 5.3.4 and later, self-closing XHTML tags are ignored and only non-self-closing tags should be used in allowable_tags. For example, to allow both <br> and <br/>, you should use: 

<?php
strip_tags($input, '<br>');
?>
Found a mistake? Have a question or improvement idea? Let me know.

Feedback about page:

Feedback:
Optional: your email if you want me to get back to you:

Table Of Contents