Updated April 3, 2023
Introduction to PHP strip_tags() Function
The strip_tags() function in PHP is an inbuilt one which strips/removes a string from HTML and PHP tags. This returns a string having a NULL value in bytes and HTML, PHP tags being removed/stripped from the given input string. This function is basically helpful when we display the input of the user to our site. For example, when we create our message forum on the site a user is able to post a title as follows: <h1>THIS SITE IS BAD!</h1>. If the website was to display all the titles of each post then this unwanted message would also get displayed on the site in heading format to all the visitors of the page. Hence by using this strip_tag() functions it would help in eradicating such issues.
Syntax:
string strip_tags( $str, $allowed_tags )
Parameters Required: There are 2 parameters which the function accepts;
- $str being the mandatory parameter and which is the main string which needs to be checked.
- $allowed_tags is the non-mandatory parameter which describes the tags which are allowed and not to be stripped off. Hence these tags will be retained.
Return Value: This strip_tags function gives us the resultant string stripped off from the input string.
Exceptions:
- This function does not provide validation of HTML.
- Some of the things that are stripped by default are the HTML comments and PHP tags and these things cannot be changed as they are hard-coded.
- The self-closing XHTML tags are ignored in versions after PHP 5.3.4 and hence only non-self-closing tags are allowed to be used in $allowed_tags.
Examples of PHP strip_tags() Function
Let us now take some examples to understand the working of PHP strip_tags function.
Example #1
Code:
<?php
// PHP programme to demostrate
// strip_tags function without $allowed_tags parameter
echo strip_tags("Hello <b>Sample Program!</b>");
?>
Output:
In the above example we are displaying a simple PHP code to illustrate that strip_tags function can be used without specifying the second parameter to specify which all characters are allowed. This means all the characters in the string are allowed and printed as is.
Example #2
Code:
<?php
$str = '<p>To test a paragraph.</p><!-- Starting comments --> <a href="#fragment">Another paragraph goes here</a>';
echo strip_tags($str);
echo "\n";
// Here we allow HTML tag <p>
echo strip_tags($str, '<p>');
// In the version till PHP 7.4.0 the above code can be written as:
// echo strip_tags($str, ['p', 'a']);
?>
Output:
In the above example we are first specifying the required HTML code and assigning the same to the input string $str. We then use strip tag function on that string by using only single parameter. Next we showcase the use of second parameter $allow_tags where we specify only the tag <p> meaning that only <p> tag should be allowed and rest all tags should be trimmed off. Hence in the output we can see that only <p> tag information is displayed and <a> tag information is not displayed. Also we can see that in the output the HTML comments are not printed and hence proves that HTML comments are trimmed by this function by default even if we do not specify in the second parameter list.
Warnings:
- This function cannot be used to prevent certain attacks like XSS. There are other appropriate methods or functions like htmlspecialchars() which can be used for this purpose depending on what kind of output is required.
- The function strip_tags() just trims off the HTML tags without really validating them. As a result, this may lead to broken tags or removal of more/less data than what is expected. Hence it should be taken care while specifying the second parameter of the function.
- This function also does not support any modification on the parameters we specify in the $allowed_tags function also including the onmouseover and style attributes that some user may use to post a text to display to other users.
- One more thing to note while using this function is that the tag names whose characters are greater than a specified length (1023 bytes) within the HTML will be treated as though invalid, irrespective of what we give in the $allowed_tags as parameters.
Example #3
Code:
<?php
$str = '<a title="" href="/index.html"><b>Some Text</b></a>
Just a sample text to showcase a paragraph coming in HTML body';
echo strip_tags_content($str);
function strip_tags_content($str) {
return preg_replace('@<(\w+)\b.*?>.*?</\1>@si', '', $str);
}
?>
Output:
In the above example we are using strip_tags function to remove the anchor tag along with its contents in its input string. PHP strip_tags will automatically remove both opening and closing HTML tags when they are being stripped.
Example #4
Code:
<?php
$str = '<?= \'<?= 1 ?>\' ?>2';
var_dump(strip_tags($str));
?>
Output:
This example shows how to strip contents from a nested PHP tag.
Example #5
Code:
<?php // Test.php
$str = '<br>Trial<br/>on<br />NewLine';
$d = strip_tags($str, '<br />');
var_dump($d); // Displays string(11) "TraialonNewLine" on output
?>
Output:
In this example, we can see that we are allowing only contents inside <br/> string and this output here will change as we run in different versions of PHP.
Example #6
Code:
<?php
function strip_tags_d($a)
{
return is_array($a) ?
array_map('strip_tags_d', $a) :
strip_tags($a);
}
// Example
$arr1 = array('<b>Car</b>', '<i>Bat</i>', array('<b>Car</b>', '<i>Bat</i>'));
$arr1 = strip_tags_d($arr1);
// Output
print_r($arr1);
?>
Output:
In the above example, we are displaying the use of recursive functions for strip_tags function. Hence in the output we can see that the array is printed in loops of 2.
Conclusion
As shown above, we saw how to strip some unwanted HTML and PHP tags from the code by using the strip_tags() function. This function can parse the input string and extract its structure. It usually trims or replaces the given HTML or PHP tags which we pass as a list of input arguments to be removed from the HTML document. This is also used in cases when we only need to trim PHP tags and not HTML and vice versa.
Recommended Article
This is a guide to the PHP strip_tags(). Here we discuss the Introduction to PHP strip_tags() Function and its examples along with Code Implementation. You can also go through our other suggested articles to learn more-
