strip_tags is a very powerful function if you know how to use it. As a method to prevent cross-site scripting attacks there are better methods, such as character encoding, but stripping tags is useful in some cases.
$string = '<b>Hello,<> please remove the <> tags.</b>'; echo strip_tags($string);
Hello, please remove the tags.
Say you wanted to allow a certain tag but no other tags, then you'd specify that in the second parameter of the function. This parameter is optional. In my case I only want the
<b> tag to be passed through.
$string = '<b>Hello,<> please remove the <br> tags.</b>'; echo strip_tags($string, '<b>');
<b>Hello, please remove the tags.</b>
HTML comments and
PHP tags are also stripped. This is hardcoded and can not be changed with allowable_tags.
PHP 5.3.4 and later, self-closing
XHTML tags are ignored and only non-self-closing tags should be used in allowable_tags. For example, to allow both
<br/>, you should use:
<?php strip_tags($input, '<br>'); ?>