PHP - English

PHP strip_tags



A third security option for your HTML forms is to use the strip_tags( ) function.
(See the previous lessons for why you want to do this.)
It will, as its name suggests, strip all HTML for you. You can, however, tell
this function to ignore HTML that you consider harmless, or that you want to
include. Here’s the syntax:

strip_tags( $string, html_tags_to_ignore

So the first thing you need to provide the strip_tags( ) function with
is the string of text you’re trying to check. The second thing, html_tags_to_ignore,
is optional. If you leave this off then the function will strip all tags. Here’s
two example to try:

$first_name = $_POST[‘first_name’];
$first_name = strip_tags( $first_name );
echo $first_name;

The new line is set up to strip all HTML from the variable called $first_name.
When the script is run, it will look like this:

Using the strip_tags PHP function

As you can see, only the text of the HTML is left – A Nasty Site.

If it would be OK for people to enter things like bold text or italics, then
you’d set up the function like this:

$first_name = $_POST[‘first_name’];
$first_name = strip_tags( $first_name, “<B>” );
echo $first_name;



When you have text coming from a form, you should always use a security technique
to thwart an attack. However, it’s naïve to think we can thwart every attack,
and a determined and skilful hacker could probably defeat you. But if you take
sensible security measure, you should be able to defend yourself against most
attacks. It’s well worth doing more research on the subject. search Google for
the phrase PHP Security.


In the next section, we’ll take a look at opening and working with files in


Kaynak : ‘sitesinden alıntı

Yorum Yap