filter_str()
function filter_str(string $str, array $allowed_tags = []): string
Description
Filters and sanitizes a string by removing potentially harmful content while optionally preserving specified HTML tags. This is useful for processing user input that may contain limited HTML formatting.
Parameters
| Parameter | Type | Description | Default |
|---|---|---|---|
| $str | string | The input string to be filtered and sanitized. | N/A |
| $allowed_tags | string[] | An optional array of allowed HTML tags, e.g., ['p', 'b', 'i']. |
[] |
Return Value
| Type | Description |
|---|---|
| string | The filtered and sanitized string. |
Example Usage
PHP
$input = '<script>alert("xss")</script><p>Hello</p>';
// Strip all tags
echo filter_str($input);
// "alert("xss")Hello"
// Allow only <p> tags
echo filter_str($input, ['p']);
// "<p>Hello</p>"