Explain PHP strip_tags() function

 Q. Explain  PHP strip_tags function.
Answer:

The strip_tags function in PHP is used to remove HTML and PHP tags from a string. It is commonly used to sanitize input data from users to prevent potential security vulnerabilities, such as cross-site scripting (XSS) attacks. The function takes a string as input and returns a new string with all HTML and PHP tags removed.

Here's the basic syntax of the strip_tags function:
string strip_tags ( string $str [, string $allowable_tags ] )

$str: This is the input string from which you want to remove tags.

$allowable_tags (optional): This parameter allows you to specify certain HTML tags that you want to allow in the resulting string. Tags not listed in this parameter will be removed. This is useful if you want to permit some safe formatting tags while still removing potentially harmful ones.

Here's an example of using strip_tags:

<?php
echo "without strip_tags() function<br>";
$htmlString = '<p>This is a <b>sample</b> text with <a href="#">HTML</a> tags.</p>';
echo $htmlString;

echo "with strip_tags() function<br>";
$strippedString = strip_tags($htmlString);

echo $strippedString;
?>

In this example, the output would be:
without strip_tags() function

This is a sample text with HTML tags.

with strip_tags() function
This is a sample text with HTML tags.

 

If you want to allow certain tags, you can use the second parameter:
<?php
$htmlString = '<p>This is a <b>sample</b> text with <a href="#">HTML</a> tags.</p>';

$allowedTags = '<b><p>';

$strippedString = strip_tags($htmlString, $allowedTags);

echo $strippedString;

?>
Output:

This is a sample text with HTML tags.

 

It's important to note that while strip_tags is useful for basic sanitization, it may not be foolproof for all security scenarios. For more robust security, consider using additional measures such as input validation and output encoding based on the specific requirements of your application.