PHP strip_tags not allowing less than '

Question

Please let me know how to allow less than character '<' in strip_tags()

Code Snippet

$string ="abc<123";
StringFromUser($string);

function StringFromUser($string)
{

    if (is_string($string))
    {
        return strip_tags($string);

    }

}

Output : abc

Expected output abc<123

Ignacio Vazquez-Abrams · Accepted Answer

Encode it properly in the first place.

$string ="abc&lt;123";

Although if you're not sanitizing for HTML output you shouldn't be using strip_tags() anyway.

deceze · Answer

strip_tags is a pretty basic and not very good way to sanitize data (i.e. "punch arbitrary values into shape"). Again, it's not a very good function, as you are seeing. You should only sanitize data if you have a very good reason to, oftentimes there is no good reason. Ask yourself what you are gaining from arbitrarily stripping out parts of a value.

You either want to validate or escape to avoid syntax problems and/or injection attacks. Sanitization is rarely the right thing to do. Read The Great Escapism (Or: What You Need To Know To Work With Text Within Text) for more background on the whole topic.

PHP strip_tags not allowing less than '<' in string

Tags:

php

strip-tags

tarun

2 Answers

Ignacio Vazquez-Abrams

deceze

Recent Activity

Donate For Us