The PHP function strip_tags provides the function to remove HTML and PHP tags from a string. This function tries to return the result after the given string str removes null characters, HTML and PHP tags.
Because strip_tags() cannot actually verify HTML, incomplete or broken tags will cause more data to be deleted.
For example, the following code:
<div>string</div>string<string<b>hello</b><div>string</div>
Filtering with strip_tags($str, ‘<div>') we may expect the following results:
<div>string</div>string<stringhello<div>string</div>
The actual operation result is as follows:
<div>string</div>string
All this is because of the red left angle brackets. I checked the PHP documentation and there is a warning:
Because strip_tags() cannot actually verify HTML, incomplete or broken tags will cause more data to be deleted.
Since the code is not verified before performing filtering, all the codes after the characters "<" or ">" related to the tag will be hung up!