Its prototype follows:
string strip_tags(string str [, string allowed_tags])
The input parameter str is the string that will be examined for tags, while the
optional input parameter allowed_tags specifies any tags that you would like to be
allowed in the string. For example, italic tags (<i></i>) might be allowable, but table
tags such as <td></td> could potentially wreak havoc on a page. An example follows:
<?php
    $input = "I <td>really</td> love <i>PHP</i>!";
    // Remove every tag except the italic pair
    $input = strip_tags($input,"<i></i>");
    // $input now equals "I really love <i>PHP</i>!"
?>
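strip_tags() does not modify the attributes of tags listed in allowed_tags, so an allowed tag can still carry an event-handler or style attribute. The following is an added example, not code from the book; the sample input and the helper name allow_plain_italics() are constructed for illustration. It shows the gap and a stricter alternative that escapes everything and then re-enables only the attribute-free tag pair.

```php
<?php
// Constructed sample input: the allowed <i> tag carries an attribute.
$input = 'I <td>really</td> love <i onmouseover="alert(1)">PHP</i>!';

// strip_tags() drops <td> but passes the <i> tag through unchanged,
// attribute included, because allowed tags are never inspected.
$stripped = strip_tags($input, '<i>');

/**
 * Hypothetical helper (not part of PHP or PEAR): escape all markup,
 * then turn back only the exact, attribute-free <i> and </i> tokens.
 * Anything else, including <i ...> with attributes, stays escaped
 * and is rendered as literal text by the browser.
 */
function allow_plain_italics(string $text): string
{
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return str_replace(
        ['&lt;i&gt;', '&lt;/i&gt;'],
        ['<i>', '</i>'],
        $escaped
    );
}

// Constructed inputs: one benign, one with an attribute on the allowed tag.
$samples = [
    'I really love <i>PHP</i>!',
    $input,
];

echo "strip_tags with allowed <i>:\n  ", $stripped, "\n\n";

echo "escape, then allow bare <i></i>:\n";
foreach ($samples as $sample) {
    echo "  ", allow_plain_italics($sample), "\n";
}

// The attribute must survive strip_tags() but not the helper.
var_dump(strpos($stripped, 'onmouseover="') !== false);
var_dump(strpos(allow_plain_italics($input), 'onmouseover="') !== false);
?>
```

The helper does not balance tags, so an unclosed <i> can still affect the styling of the rest of the page.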
Taking Advantage of PEAR: Validate
While the functions described in the preceding section work well for stripping potentially
malicious data from user input, what if you want to verify whether the provided
data is a valid e-mail address (syntactically), or whether a number falls within a specific
range? Because these are such commonplace tasks, a PEAR package called Validate
can perform these verifications and more. You can also install additional rules for validating
the syntax of localized data, such as an Australian phone number, for instance.
Installing Validate
To take advantage of Validate's features, you need to install it from PEAR. Therefore,
start PEAR and pass along the following arguments:
%>pear install -a Validate-0.6.5
CHAPTER 21 ■ SECURE PHP PROGRAMMING 557
Starting to download Validate-0.