The difference between php using htmlspecialchars() and strip_tags functions to filter HTML tags
- 高洛峰Original
- 2016-10-09 11:28:021643browse
Original address: http://www.manongjc.com/article/1103.html
First let’s take a look at the usage examples of htmlspecialchars function and strip_tags function:
<?php $str="<a href='http://www.manongjc.com'>码农教程'\"</a>"; echo htmlspecialchars($str); echo "<br/><br/>"; echo strip_tags($str); ?>
The browser outputs the following results:
Coder Tutorial' "
Coder Tutorial'"
View the page source code, the results are as follows:
<a href='http://www.manongjc.com'>码农教程'"</a><br/><br/>码农教程'"
From the results, we can see that the difference between htmlspecialchars() and strip_tags is as follows:
Difference 1:
strip_tags function is used to remove HTML tags, while htmlspecialchars does not remove html tags, but only converts tags into HTML instances, so the biggest difference between the two is that one is to delete HTML tags, and the other is to convert html tags into other characters.
Difference 2:
If the tag in the string that needs to be removed from the HTML tag is originally wrong, for example, the greater than symbol is missing, an error will be returned when using the strip_tags function, but no error will appear with htmlspecialchars, still and then converted to HTML entities.
Difference 3:
When preventing XSS attacks, it is generally recommended to use the htmlspecialchars function, because although strip_tags can delete HTML tags, it will not delete " or '. Therefore, even if you use strip_tags, you still need to use the htmlspecialchars function To filter out " or '
" in form submission or user message board, if you want the original data output with the browser, then please use the htmlspecialchars function, do not use the strip_tags function.
For information about htmlspecialchars() and strip_tags functions, please refer to:
http://www.manongjc.com/article/1213.html
http://www.manongjc.com/article/1099.html
http://www.manongjc.com/article/795.html