A brief analysis of a bug in PHP function strip_tags_PHP Tutorial

The PHP function strip_tags provides the function of removing HTML and PHP tags from a string. This function attempts to return the result of the given string str after removing null characters, HTML and PHP tags.

Since strip_tags() cannot actually validate HTML, incomplete or broken tags will cause more data to be deleted.

For example, the following code:

Copy code The code is as follows:

string

string< stringhello

string

By strip_tags($str, ‘

’) filtering, we may expect to get the following results:

Copy code The code is as follows:

string

string< stringhello

string

The actual operation result is this:

Copy code The code is as follows:

string

string

This is all because of the red left angle bracket. I checked the PHP documentation and there is a warning:

Since strip_tags() cannot actually validate HTML, incomplete or broken tags will cause more data to be deleted.

Since the correctness of the code cannot be verified before filtering is performed, the code after encountering the tag-related characters “<” or “>” will all hang!

http://www.bkjia.com/PHPjc/774996.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/774996.htmlTechArticlePHP function strip_tags provides the function of removing HTML and PHP tags from strings. This function attempts to return the given String str The result after removing null characters, HTML and PHP tags. ...

Statement：

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn