strip_tags not working

php mysql html filter strip-tags
Ilja picture Ilja · Dec 20, 2011 · Viewed 8.3k times · Source

I am truing to filter html characters out like this

$user = $_POST["user"]; //Get username from <form>
mysql_real_escape_string($user); //Against SQL injection
strip_tags($user); //Filter html characters out

But for some reason this is not filtering html characters out. I don't know why, could it by mysql_real_escape_string?

Answer

lorenzo-s picture lorenzo-s · Dec 20, 2011

...But, do you mean:

$user = $_POST["user"]; // Get username from <form>
$user = mysql_real_escape_string($user); // Against SQL injection
$user = strip_tags($user); // Filter html characters out

?

As said in the other answers (referring to strip_tags(), but it's the same for mysql_real_escape_string()), these functions do not alter strings directly, but return the modified copy. So you have to assign return values to the same (or another) variable!

Related questions

Preserve Line Breaks From TextArea When Writing To MySQL

I'm using a textarea to enable users to input comments. However, if the users enters new lines, the new lines don't appear when they are outputted. Is there any way to make the line breaks stay. Any idea how do …

Read More
Delete multiple rows by selecting checkboxes using PHP

I want to delete multiple rows from MYSQL database. I have created this delete.php file to select various links and delete them using checkboxes. <html> <head> <title>Links Page</title> </…

Read More
Using a Submit Button to insert an entry into a MySQL database via PHP?

I'm pretty new to PHP, so I'm not quite sure on what to do with this. Basically I'm trying to insert an entry into my MySQL database, through a "submit" button in HTML. I can't seem to get this to …

Read More