
What is difference between php strip_tags and filter_var function?

Tags:

php

They both seem to strip out HTML and JavaScript tags. So when to use which? I have tried both, like:

<?php

$user_input = "<script>alert('Your site sucks!');</script>";

echo strip_tags($user_input);

?>

And

<?php

$user_input = "<script>alert('Your site sucks!');</script>";

echo filter_var($user_input, FILTER_SANITIZE_STRIPPED);

?>
Akash Salunkhe asked Feb 06 '18 09:02


2 Answers

strip_tags strictly filters all HTML and PHP tags from a given string.

filter_var filters based on multiple different flags that you can provide. It does not rectify a string, but validates it instead.

I.e., if you use filter_var with the flag FILTER_VALIDATE_EMAIL and give it a valid email address, it will return it as it is, while an invalid email will return false.

Ralph Melhem answered Nov 15 '22 13:11


strip_tags() does just that. According to PHP documentation it:

strips HTML and PHP tags from a string

filter_var() gives you a bit more to work with, as you can use different filters with it, i.e. FILTER_SANITIZE_EMAIL will sanitize the string to return a valid email.

In terms of the difference between strip_tags and filter_var with FILTER_SANITIZE_STRIPPED specifically: strip_tags will allow the less-than symbol, and filter_var with FILTER_SANITIZE_STRIPPED will remove it.

I.e.:

strip_tags("testing < practice") will return "testing < practice"
filter_var("testing < practice", FILTER_SANITIZE_STRIPPED) will return "testing "
Kasia Gogolek answered Nov 15 '22 13:11
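
The comparison both answers describe, as an added example (not code from the original posts): it runs the question's payload, the second answer's "<" case and two constructed strings through both functions, then contrasts FILTER_VALIDATE_EMAIL with FILTER_SANITIZE_EMAIL. The function name compare_strippers and the sample strings are assumptions made for illustration; FILTER_SANITIZE_STRIPPED is deprecated as of PHP 8.1.

```php
<?php
// Added example; sample inputs are constructed unless noted.
// FILTER_SANITIZE_STRIPPED is an alias of FILTER_SANITIZE_STRING; both are
// deprecated as of PHP 8.1, so deprecation notices are silenced here.
error_reporting(E_ALL & ~E_DEPRECATED);

/** Run one input through both functions and report where they differ. */
function compare_strippers(string $input): array
{
    $stripped = strip_tags($input);
    $filtered = filter_var($input, FILTER_SANITIZE_STRIPPED);
    // Same filter with its default HTML-encoding of quotes switched off.
    $rawQuotes = filter_var($input, FILTER_SANITIZE_STRIPPED, FILTER_FLAG_NO_ENCODE_QUOTES);

    return [
        'strip_tags'              => $stripped,
        'filter_var'              => $filtered,
        'filter_var (raw quotes)' => $rawQuotes,
        'identical'               => $stripped === $filtered,
    ];
}

$samples = [
    "<script>alert('Your site sucks!');</script>", // from the question
    "testing < practice",                          // from the second answer
    "O'Reilly said \"hi\"",
    "<b>bold</b> and plain",
];

foreach ($samples as $sample) {
    printf("%-26s %s\n", 'input:', var_export($sample, true));
    foreach (compare_strippers($sample) as $label => $value) {
        printf("%-26s %s\n", $label . ':', var_export($value, true));
    }
    echo "\n";
}

// Validation vs. sanitization of e-mail addresses, as the answers describe:
// VALIDATE returns the input or false; SANITIZE removes disallowed characters.
foreach (['user@example.com', 'user (work)@example.com', 'not an email'] as $email) {
    printf(
        "%-26s validate=%s  sanitize=%s\n",
        $email,
        var_export(filter_var($email, FILTER_VALIDATE_EMAIL), true),
        var_export(filter_var($email, FILTER_SANITIZE_EMAIL), true)
    );
}
```

The samples containing quotes show a difference the answers do not mention: the filter HTML-encodes single and double quotes by default, while strip_tags leaves them untouched.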