Introduction

Quick Start

Basic Concepts

Understanding Routing

Intercepting Requests

Module Fundamentals

Database Operations

Templates

Helpers

Form Handling

Form Validation

Working With Files

Image Manipulation

Working With Dates & Times

Language Control

Security

Tips And Best Practices

String Helpers

Trongate ships with a compact suite of pure PHP functions for everyday text-work. No configuration, no classes, no overhead - just reliable helpers you can call from any controller, model or view.

Available Functions

extract_content() - pull text between two markers
filter_name() - sanitize names and usernames
filter_str() - clean general text input
get_last_part() - return the final segment
make_rand_str() - generate cryptographically secure random strings
nice_price() - format numbers as prices
out() - escape output for HTML, JSON, JavaScript and XML
remove_html_code() - strip blocks of HTML by pattern
remove_substr_between() - remove text between markers
replace_html_tags() - convert HTML blocks based on rules
sanitize_filename() - clean filenames safely
truncate_str() - limit by characters
truncate_words() - limit by words
url_title() - generate URL - friendly slugs

Truncate Text

The truncate_str() function cuts by characters. The truncate_words() function cuts by words.

PHP

<?php
$txt = 'The quick brown fox jumps over the lazy dog';

echo truncate_str($txt, 20);     // The quick brown fox...
echo truncate_words($txt, 4);    // The quick brown fox...
?>

Get the Final Segment

The get_last_part() function returns the final portion of a string using a chosen delimiter.

PHP

<?php
echo get_last_part('user-profile-photo');         // photo
echo get_last_part('path/to/something', '/');     // something
?>

Extract or Remove Text Between Markers

The extract_content() function finds the first matching pair of delimiters and returns what is inside.

PHP

<?php
$html = '<div>Keep</div><script>bad()</script>';

echo extract_content($html, '<div>', '</div>');  
// Keep
?>

The remove_substr_between() removes text between markers. You may remove a single match or all matches.

PHP

<?php
$str = 'Hello [hide]secret[/hide] world';

echo remove_substr_between('[hide]', '[/hide]', $str);
// Hello  world

echo remove_substr_between('[hide]', '[/hide]', $str, true);
// Removes every instance if there are multiple
?>

Prices

The nice_price() function formats numbers using commas, removes unnecessary decimals and optionally prepends a currency symbol.

PHP

<?php
echo nice_price(1234.56);        // 1,234.56
echo nice_price(1000.00);        // 1,000
echo nice_price(999.00, '$');    // $999
?>

Slugs and Safe Filenames

The url_title() function creates a URL - friendly slug. If the intl extension is loaded, it transliterates non-Latin characters.

PHP

<?php
echo url_title('Café Résumé 2025');
// cafe-resume-2025
?>

The sanitize_filename() function cleans filenames, preserves extensions and handles international characters safely.

PHP

<?php
echo sanitize_filename('Москва Фото.jpg');
// moskva-foto.jpg   (when intl is enabled)
?>

Safe Output

The out() function escapes strings for HTML, JSON, JavaScript, XML or attribute contexts. Always wrap untrusted content before sending it to the browser.

PHP

<?php
echo out($user_bio);                         // HTML
echo out($json_string, 'json');              // inside JSON
echo out($js_value, 'javascript');           // inside <script>
?>

Security tip: If it came from a user, run it through out() before outputting it.

Random Strings

The make_rand_str() produces cryptographically secure random strings, avoiding confusing characters such as 0, O, 1 and l.

PHP

<?php
echo make_rand_str();          // 32 chars
echo make_rand_str(12, true);  // 12 uppercase chars
?>

HTML Conversion Helpers

The replace_html_tags() function swaps one block of HTML tags for another, preserving the enclosed content.

PHP

<?php
$specs = [
  'opening_string_before' => '<span>',
  'close_string_before'   => '</span>',
  'opening_string_after'  => '<div>',
  'close_string_after'    => '</div>'
];

echo replace_html_tags('<span>Hello</span>', $specs);
// <div>Hello</div>
?>

The remove_html_code() function removes blocks of HTML entirely.

PHP

<?php
$html = '<div>Hi</div><script>bad()</script>';
echo remove_html_code($html, '<script>', '</script>');
// <div>Hi</div>
?>

Filtering Input (Content Normalizing)

Trongate offers helper functions that help you normalize text or enforce formatting rules before storing data. These functions are not security filters and should not be used as a substitute for output escaping. Instead, they are useful when you want predictable, well-formed text in your database.

The filter_str() function removes disallowed HTML tags while preserving the ones you specify. This is useful for bios, descriptions and other user text where you want to allow some formatting but prevent unwanted code.

PHP

<?php
$input = '<script>alert("Hello");</script>'; 
$allowed = ['<p>', '<a>']; 
echo filter_str($input, $allowed); // Output: alert("Hello"); 
?>

The filter_name() function is designed for usernames, screen names and full names. It strips tags and limits characters to a safe, readable subset, optionally allowing custom additional characters.

PHP

<?php 
$input = '<script>alert("Hello");</script>'; 
$allowed = ['-', '_']; 
echo filter_name($input, $allowed); // Output: alert("Hello"); 
?>

We're continually improving the Trongate documentation. If anything is incorrect, unclear, incomplete, or could be better, we'd genuinely appreciate your input.

Share your thoughts in the Documentation Feedback.

Leave Feedback About This Page