Thursday, 20 October 2011

Removing HTML tags in a PHP string

Seen at http://php.net/manual/en/function.strip-tags.php

strip_tags

(PHP 4, PHP 5)
strip_tags - Strip HTML and PHP tags from a string

Description

string strip_tags ( string $str [, string $allowable_tags ] )
This function tries to return a string with all NUL bytes, HTML and PHP tags stripped from a given str. It uses the same tag stripping state machine as the fgetss() function.

Parameters

str
The input string.
allowable_tags
You can use the optional second parameter to specify tags which should not be stripped.
Note:
HTML comments and PHP tags are also stripped. This is hardcoded and can not be changed with allowable_tags.
Note:
This parameter should not contain whitespace. strip_tags() sees a tag as a case-insensitive string between < and the first whitespace or >. It means that strip_tags("<br/>", "<br>") returns an empty string.

Return Values

Returns the stripped string.

Changelog

Version Description
5.0.0 strip_tags() is now binary safe
4.3.0 HTML comments are now always stripped

Examples

Example #1 strip_tags() example
<?php
$text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>';
echo strip_tags($text);
echo "\n";

// Allow <p> and <a>
echo strip_tags($text, '<p><a>');
?>

Notes

Warning
Because strip_tags() does not actually validate the HTML, partial or broken tags can result in the removal of more text/data than expected.
Warning
This function does not modify any attributes on the tags that you allow using allowable_tags, including the style and onmouseover attributes that a mischievous user may abuse when posting text that will be shown to other users.

Last updated: Fri, 14 Oct 2011

User Contributed Notes
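dhgouveia at hotmail dot com 10-Oct-2011 11:09
This is just to strip the inside of the tags

<?php
// Sample allow-list and markup: the original values were lost when the page
// was extracted, so these are constructed stand-ins around the surviving text.
$allow = '<p><ul><li><b><strong>';

$str = '<p style="text-align:center">Paragraph</p>
<strong class="x">Bold</strong>
<span style="color:red">Red</span>
<h1>Header</h1>';

$result = strip_tags($str, $allow);
$result = clean_inside_tags($result, $allow);

echo $result;

// Clean the inside of the tags (drop every attribute from the allowed tags)
function clean_inside_tags($txt, $tags) {
    // Collect the tag names from the allow-list string, e.g. "p", "ul", "li"
    preg_match_all("/<([^>]+)>/i", $tags, $allTags, PREG_PATTERN_ORDER);

    foreach ($allTags[1] as $tag) {
        // \b keeps "<p" from also matching "<pre ...>" and rewriting it to "<p>"
        $txt = preg_replace("/<" . preg_quote($tag, "/") . "\\b[^>]*>/i", "<" . $tag . ">", $txt);
    }

    return $txt;
}
?>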
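
The second warning in the Notes above, shown on constructed input, followed by a DOM-based way to drop the attributes that strip_tags() leaves on allowed tags. This is an added example, not code from the PHP manual or from the user note; the function name drop_all_attributes and the sample markup are assumptions, and the allow-list is assumed not to contain <div>.

```php
<?php
// Added example; the markup below is constructed sample input.
$allow = '<p><b><a>';
$input = '<p style="position:fixed" onmouseover="track()">Hello '
       . '<a href="javascript:void(0)">link</a> <b>bold</b></p>'
       . '<script>track()</script>';

// strip_tags() removes the <script> tags (their text content stays) but
// leaves style, onmouseover and href untouched on the allowed <p> and <a>.
$kept = strip_tags($input, $allow);

// Parse what is left and remove every attribute from every element.
// Hypothetical helper name; assumes <div> is not in the allow-list.
function drop_all_attributes(string $fragment): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // tolerate broken markup quietly
    // The XML declaration makes libxml read the input as UTF-8; the wrapper
    // <div> gives the fragment a single known parent element.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $fragment . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    // Snapshot the attribute nodes first, then detach each from its element.
    $xpath = new DOMXPath($doc);
    foreach (iterator_to_array($xpath->query('//@*')) as $attr) {
        $attr->ownerElement->removeAttributeNode($attr);
    }

    // Serialize only the children of the wrapper, not the wrapper itself.
    $wrapper = $doc->getElementsByTagName('div')->item(0);
    $out = '';
    foreach ($wrapper->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

echo $kept, "\n";                        // attributes still present
echo drop_all_attributes($kept), "\n";   // same tags, no attributes
```

Dropping every attribute also removes href from links; an application that needs links has to re-add only attributes it has validated.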

Monday, 10 October 2011

Setting file name in dynamically generated files with HTTP headers

Content-Disposition

The Content-Disposition response-header field has been proposed as a means for the origin server to suggest a default filename if the user requests that the content is saved to a file. This usage is derived from the definition of Content-Disposition in RFC 1806 [35].
        content-disposition = "Content-Disposition" ":"
                              disposition-type *( ";" disposition-parm )
        disposition-type = "attachment" | disp-extension-token
        disposition-parm = filename-parm | disp-extension-parm
        filename-parm = "filename" "=" quoted-string
        disp-extension-token = token
        disp-extension-parm = token "=" ( token | quoted-string )
An example is
Content-Disposition: attachment; filename="fname.ext"
The receiving user agent SHOULD NOT respect any directory path information present in the filename-parm parameter, which is the only parameter believed to apply to HTTP implementations at this time. The filename SHOULD be treated as a terminal component only.
If this header is used in a response with the application/octet-stream content-type, the implied suggestion is that the user agent should not display the response, but directly enter a `save response as...' dialog.
See section 15.5 for Content-Disposition security issues.


Content-Disposition

The original MIME specifications only described the structure of mail messages. They did not address the issue of presentation styles. The content-disposition header field was added in RFC 2183 to specify the presentation style. A MIME part can have:
  • an inline content-disposition, which means that it should be automatically displayed when the message is displayed, or
  • an attachment content-disposition, in which case it is not displayed automatically and requires some form of action from the user to open it.
In addition to the presentation style, the content-disposition header also provides fields for specifying the name of the file, the creation date and modification date, which can be used by the reader's mail user agent to store the attachment.
The following example is taken from RFC 2183, where the header is defined
Content-Disposition: attachment; filename=genome.jpeg;
         modification-date="Wed, 12 February 1997 16:29:51 -0500";
The filename may be encoded as defined by RFC 2231.
As of 2010, a good majority of mail user agents do not follow this prescription fully. The widely used Mozilla Thunderbird mail client makes its own decisions about which MIME parts should be automatically displayed, ignoring the content-disposition headers in the messages. It also sends out newly composed messages with inline content-disposition for all MIME parts. Most users are unaware of how to set the content-disposition to attachment.[4] Many mail user agents also send messages with the file name in the name parameter of the content-type header instead of the filename parameter of the content-disposition header. This practice is discouraged.[5]
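
One way to build this header in PHP for a generated download, covering both passages above: the name is reduced to a terminal component, and a non-ASCII name is carried in an RFC 2231-style extended parameter. This is an added example, not code from the quoted specifications; the function name, the `download` default, and the sample names are assumptions, and input is assumed to be UTF-8.

```php
<?php
// Added example. Function name and sample names are hypothetical.
function content_disposition_attachment(string $name): string
{
    // Terminal component only: drop any directory part, treating both
    // "/" and "\" as separators.
    $name = str_replace('\\', '/', $name);
    $pos  = strrpos($name, '/');
    if ($pos !== false) {
        $name = substr($name, $pos + 1);
    }

    // Remove control characters (CR and LF included) so the value stays
    // on one header line.
    $name = preg_replace('/[\x00-\x1F\x7F]/', '', $name);

    if ($name === '' || $name === '.' || $name === '..') {
        $name = 'download';               // assumed default name
    }

    // ASCII fallback for the quoted-string form: each non-ASCII byte and
    // the double quote become "_".
    $fallback = preg_replace('/[^\x20-\x7E]/', '_', $name);
    $fallback = str_replace('"', '_', $fallback);

    $header = 'Content-Disposition: attachment; filename="' . $fallback . '"';
    if ($fallback !== $name) {
        // Extended parameter: charset, empty language, percent-encoded value.
        $header .= "; filename*=UTF-8''" . rawurlencode($name);
    }
    return $header;
}

// Constructed sample names: plain, with directory parts, with a line
// break, and with non-ASCII characters.
$samples = ['report.csv', '../../tmp/export.csv', 'C:\\Users\\me\\export.csv',
            "multi\r\nline.txt", 'informe año 2011.pdf'];
foreach ($samples as $n) {
    echo content_disposition_attachment($n), "\n";
}

// In a real response the value goes to header(), sent before any body output:
// header('Content-Type: application/octet-stream');
// header(content_disposition_attachment($requestedName));
```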

Cleaning a hacked WordPress

 Checklist for cleaning WordPress instances that have been hacked, and for preventing hacks. For systems technicians with SSH access to...