The PHP Function Strip_Tags
The PHP function strip_tags() is an important one to understand for any developer working with user-generated content on a website. It helps to sanitize input data and ensure that malicious code such as scripts isn’t executed on the web server or displayed to users.
The strip_tags() function removes HTML and PHP tags from a string, leaving only plain text. It has two required parameters: the string to work on and a list of tags that shouldn’t be stripped. The function returns the stripped string.
Stripping tags from input is one part of input sanitization, and is often done in conjunction with other sanitization steps such as escaping. However, strip_tags() does not validate or check the integrity of the HTML tags it strips, so it’s not suitable for preventing certain attacks like XSS. Instead, other appropriate methods or functions should be used for this purpose, depending on the context.
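The following added example (not code from the original page) contrasts output built with strip_tags() alone against output escaped for the HTML context with htmlspecialchars(). The sample inputs, the allow-list and the function names renderWeak() and renderEscaped() are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed allow-list and sample inputs; none of these come from the original page.
const ALLOWED_TAGS = '<b><i>';

$samples = [
    'allowed tag with event handler' => '<b onmouseover="alert(1)">hover me</b>',
    'no tags, attribute breakout'    => '" autofocus onfocus="alert(1)',
    'plain script tag'               => '<script>alert(1)</script>hello',
];

// Weak: relies on strip_tags() alone. Attributes on allowed tags are kept,
// and input that contains no tags at all passes through unchanged, so it
// can still close the value="..." attribute it is placed in.
function renderWeak(string $input): string
{
    $clean = strip_tags($input, ALLOWED_TAGS);
    return '<p>' . $clean . '</p><input name="q" value="' . $clean . '">';
}

// Hardened: escape for the HTML context at output time, so <, >, & and
// both quote characters are emitted as entities rather than as markup.
function renderEscaped(string $input): string
{
    $safe = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>' . $safe . '</p><input name="q" value="' . $safe . '">';
}

// Print both renderings side by side for each sample.
foreach ($samples as $label => $input) {
    echo "== {$label}\n";
    echo 'weak:    ' . renderWeak($input) . "\n";
    echo 'escaped: ' . renderEscaped($input) . "\n\n";
}
```

Run it with the PHP CLI and compare the two lines printed for each sample: the weak rendering still carries the event-handler attribute and the unescaped quote, while the escaped rendering contains only entities.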
strip_tags() is a built-in function and therefore available in all versions of PHP. However, it’s always a good idea to keep the PHP version up to date, as new features and security patches are often included with the latest releases.
As with all functions in PHP, it’s important to know what the return type of a function is before using it. The var_dump() function shows the return type of strip_tags() to be a string.