strip_tags()

(PHP 4, PHP 5, PHP 7)

从字符串中去除 HTML 和 PHP 标记

说明

该函数尝试返回给定的字符串$str去除空字符、HTML 和 PHP 标记后的结果。它使用与函数fgetss()一样的机制去除标记。

参数

输入字符串。

使用可选的第二个参数指定不被去除的字符列表。

HTML 注释和 PHP 标签也会被去除。这里是硬编码处理的，所以无法通过$allowable_tags参数进行改变。Note:

In PHP 5.3.4 and later, self-closing XHTML tags are ignored and only non-self-closing tags should be used in$allowable_tags. For example, to allow both
and
, you should use:

返回值

返回处理后的字符串。

更新日志

范例

Example #1strip_tags()范例

以上例程会输出：

Test paragraph. Other text
Test paragraph.
 Other text

注释

由于strip_tags()无法实际验证 HTML，不完整或者破损标签将导致更多的数据被删除。

该函数不会修改$allowable_tags参数中指定的允许标记的任何属性，包括style和onmouseover属性，用户可能会在提交的内容中恶意滥用这些属性，从而展示给其他用户。

Note:

输入 HTML 标签名字如果大于 1023 字节(bytes)将会被认为是无效的，无论$allowable_tags参数是怎样的。

参见

• htmlspecialchars()将特殊字符转换为 HTML 实体

Hi. I made a function that removes the HTML tags along with their contents:
Function:

Sample text:
$text = 'sample text with 
tags
';
Result for strip_tags($text):
sample text with tags
Result for strip_tags_content($text):
 text with 
Result for strip_tags_content($text, ''):
sample text with 
Result for strip_tags_content($text, '', TRUE);
 text with 
tags
I hope that someone is useful :)

https://bugs.php.net/bug.php?id=78346
After upgrading from v7.3.3 to v7.3.7 it appears nested "php tags" inside a string are no longer being stripped correctly by strip_tags().
This is still working in v7.3.3, v7.2 & v7.1. I've added a simple test below.
Test script:
---------------

a HTML code like this: 

with 
... the result is:
$str = 'color is bluesize is huge
material is wood'; 
notice: the words 'blue' and 'size' grow together :( 
and line-breaks are still in new string $str
if you need a space between the words (and without line-break) 
use my function: 
... the result is:
$str = 'color is blue size is huge material is wood'; 
the function: 

the KEY is the regex pattern: '/]*>/'
instead of strip_tags() 
... then remove control characters and multiple spaces
:)

"5.3.4  strip_tags() no longer strips self-closing XHTML tags unless the self-closing XHTML tag is also given in allowable_tags."
This is poorly worded.
The above seems to be saying that, since 5.3.4, if you don't specify "
" in allowable_tags then "
" will not be stripped... but that's not actually what they're trying to say.
What it means is, in versions prior to 5.3.4, it "strips self-closing XHTML tags unless the self-closing XHTML tag is also given in allowable_tags", and that since 5.3.4 this is no longer the case.
So what reads as "no longer strips self-closing tags (unless the self-closing XHTML tag is also given in allowable_tags)" is actually saying "no longer (strips self-closing tags unless the self-closing XHTML tag is also given in allowable_tags)".
i.e.
pre-5.3.4: strip_tags('Hello World

','
') => 'Hello World
' // strips 
 because it wasn't explicitly specified in allowable_tags
5.3.4 and later: strip_tags('Hello World

','
') => 'Hello World

' // does not strip 
 because PHP matches it with 
 in allowable_tags

Note the different outputs from different versions of the same tag:

A word of caution. strip_tags() can actually be used for input validation as long as you remove ANY tag. As soon as you accept a single tag (2nd parameter), you are opening up a security hole such as this:

Plus: regexing away attributes or code block is really not the right solution. For effective input validation when using strip_tags() with even a single tag accepted, http://htmlpurifier.org/ is the way to go.

Features:
* allowable tags (as in strip_tags),
* optional stripping attributes of the allowable tags,
* optional comment preserving,
* deleting broken and unclosed tags and comments,
* optional callback function call for every piece processed allowing for flexible replacements.

鹏仔微信 15129739599 鹏仔QQ344225443 鹏仔前端 pjxi.com 共享博客 sharedbk.com