PHP's htmlspecialchars() and strip_tags() functions both process HTML code in a string. Many people think htmlentities and htmlspecialchars are the same function. Are they really the same? The answer is no, otherwise there would not be two functions. This article explains
the difference between the PHP htmlspecialchars() and strip_tags() functions.
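Let's take a look at a usage example of the htmlspecialchars function and the strip_tags function:
<?php
// Sample string: a link whose text ends with a single and a double quote
$str = "<a href='http://www.php.cn'>php Chinese web'\"</a>";
echo htmlspecialchars($str);  // converts special characters to HTML entities
echo "<br/><br/>";
echo strip_tags($str);        // removes the tags, keeps the text
?>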
The code is run and its output viewed in the browser. Viewing the page source gives the following result:
&lt;a href='http://www.php.cn'&gt;php Chinese web'&quot;&lt;/a&gt;<br/><br/>php Chinese web'"
From the results we can see that the differences between htmlspecialchars() and strip_tags() are as follows:
Difference One:
The strip_tags function removes HTML tags, while htmlspecialchars does not remove them; it only converts the tag characters to HTML entities. So the biggest difference between the two is that one deletes HTML tags and the other converts HTML tags to other characters.
Difference Two:
If the string you want to remove HTML tags from already contains malformed markup, such as a stray less-than sign, strip_tags will return a wrong result. htmlspecialchars has no such problem; it simply converts the characters to HTML entities.
Difference Three:
It is generally recommended to use the htmlspecialchars function when preventing XSS attacks, because strip_tags can delete HTML tags but does not delete " or '. So even if you use strip_tags, you still need to use the htmlspecialchars function to filter out " or '.
For form submissions or a user message board, if you want the browser to display the data exactly as it was entered, use the htmlspecialchars function, not the strip_tags function.
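The following added example (not code from the original article) runs both functions over three constructed inputs to show Difference Two and Difference Three side by side: a string with only quotes placed into a quoted attribute, and a string with an unclosed less-than sign. The helper names escape_html and has_raw_quote and all sample strings are assumptions made for this illustration.

```php
<?php
// Added example, not from the original article. All inputs are constructed.

// Hypothetical helper: escape with explicit flags so that both quote styles
// are converted regardless of the PHP version's default flags.
function escape_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True if the string still contains a character that can end a quoted attribute.
function has_raw_quote(string $s): bool
{
    return strpbrk($s, "\"'") !== false;
}

$samples = [
    'tags'     => "<b>hello</b> world",
    'quotes'   => "x\" data-injected=\"1",  // no tags, only quotes
    'stray_lt' => "if a<b then stop",       // '<' that never closes
];

foreach ($samples as $name => $input) {
    $stripped = strip_tags($input);
    $escaped  = escape_html($input);

    echo "== $name ==\n";
    echo "input      : $input\n";
    echo "strip_tags : $stripped\n";
    echo "escaped    : $escaped\n";

    // Difference Three: what each result looks like inside a quoted attribute.
    echo "attribute (strip_tags): <input value=\"$stripped\">\n";
    echo "attribute (escaped)   : <input value=\"$escaped\">\n";
    echo "raw quote left        : strip_tags=" . var_export(has_raw_quote($stripped), true)
        . ", escaped=" . var_export(has_raw_quote($escaped), true) . "\n";

    // Difference Two: escaping is lossless, so decoding returns the input;
    // strip_tags may have discarded text that was never a real tag.
    $roundTrip = htmlspecialchars_decode($escaped, ENT_QUOTES) === $input;
    echo "escaped round-trips   : " . var_export($roundTrip, true) . "\n";
    echo "strip_tags length     : " . strlen($stripped) . " of " . strlen($input) . "\n\n";
}
```

Run it with the PHP command-line interpreter so the results are printed as plain text rather than rendered by a browser.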