PHP have rich set of function to deal with errors 🙂
Sometime single setting in php.ini can effect the output of function.
Magic Quotes is a process that automagically escapes incoming data to the PHP script. It’s preferred to code with magic quotes off and to instead escape the data at runtime, as needed.
Magic Quotes are depreciated and going to be removed in PHP6.
<?php
// does the actual 'html' and 'sql' sanitization. customize if you want.
function sanitizeText($text)
{
$text = str_replace("<", "<", $text);
$text = str_replace(">", ">", $text);
$text = str_replace("\"", """, $text);
$text = str_replace("'", "'", $text);
// it is recommended to replace 'addslashes' with 'mysql_real_escape_string' or whatever db specific fucntion used for escaping. However 'mysql_real_escape_string' is slower because it has to connect to mysql.
$text = addslashes($text);
return $text;
}
// the reverse function of 'sanitizeText'. you may use it in pages which need the original data (e.g. for an HTML editor)
function unsanitizeText($text)
{
$text = stripcslashes($text);
$text = str_replace("'", "'", $text);
$text = str_replace(">", ">", $text);
$text = str_replace(""", "\"", $text);
$text = str_replace("<", "<", $text);
return $text;
}
?>
If strip_tags() is not working means there are no HTML tags in string “$description” supplied to function strip_tags.
We can debug this using html_entity_decode(), this function will convert visible tags < or > to actual HTML tags < or > 😉
$description = html_entity_decode($description);
$description = strip_tags($description);
