I am creating a validation script which is way more advanced than this little section; I am just printing the specific part I am having issues with.
The script simply takes in a single-dimensional array with a list of settings, performs the required tests and spits out a multidimensional array with the required string, all clean and free of badness.
For some reason the trim(), strip_tags() and strip_html_tags() functions are working but failing at the same time. By this I mean the string is passed through the functions and showing as clean, but the built-in PHP functions aren’t working as expected.
The question is: do the built-in functions only work on text that is directly output to the user, or should the functions work pre-output, i.e. as it is being output, not while being stored in a database?
I’m looking to strip all script tags as the user inputs so I only have the plain text.
I was wanting to use a switch with each statement, which I have; the functions below are snippets from switch statements.
What I am trying to use, which doesn’t work as expected:
    function check_input1($input)
    {
        if(trim($input))
        {
            $cleaninput[$i][$input] = 'CLEAN';
        } else
            $cleaninput[$i][$input] = 'DIRTY';
    }

    function check_input2($input)
    {
        if(strip_tags($input))
        {
            $cleaninput[$i][$input] = 'CLEAN';
        } else
            $cleaninput[$i][$input] = 'DIRTY';
    }

    function check_input3($input)
    {
        if(strip_html_tags($input))
        {
            $cleaninput[$i][$input] = 'CLEAN';
        } else
            $cleaninput[$i][$input] = 'DIRTY';
    }
What I know works when directly output in HTML elements:

    strip_tags(trim($key))
    strip_tags(trim($value))
The functions in question work on any string. There is no difference between a string destined for the database vs a string destined for stdout.
Your problem is that you seem to be expecting the functions to return true/false, as some kind of indication that they found something to strip. That’s not how they work. They return the modified string. Every single if condition will enter the CLEAN section (assuming its function doesn’t return ""), and silently throw away the cleaned string which was returned by the function.
What you want is something like this:
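The following is an added example, not the answerer's code and not part of the original post: one way to keep the cleaned string and flag an input as dirty by comparing it with the original rather than testing the return value for truthiness. The function name `clean_settings()`, the result layout and the sample settings are assumptions made for illustration; `strip_html_tags()` is left out because it is not a PHP built-in.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (name and return layout are assumptions, not from the post).
// Cleans every setting and records whether cleaning changed the value.
function clean_settings(array $settings): array
{
    $result = [];
    foreach ($settings as $key => $value) {
        $raw = (string) $value;
        // trim() and strip_tags() return the modified string, never a boolean.
        $clean = trim(strip_tags($raw));
        $result[$key] = [
            'value'  => $clean, // the cleaned string is kept, not thrown away
            // Something was stripped only if the result differs from the input.
            'status' => $clean === $raw ? 'CLEAN' : 'DIRTY',
        ];
    }
    return $result;
}

// Constructed sample input.
$settings = [
    'title'   => 'Hello world',
    'comment' => '  <script>alert(1)</script>hi ',
    'count'   => '0',
    'tagonly' => '<b></b>',
];

echo "Comparison against the original:\n";
foreach (clean_settings($settings) as $key => $row) {
    printf("%-8s %-6s %s\n", $key, $row['status'], var_export($row['value'], true));
}

// The truthiness test from the question, for contrast. A non-empty result is
// truthy even when tags were removed, and the string '0' is falsy even though
// nothing was removed, so this test does not report what was stripped.
echo "\nTruthiness test from the question:\n";
foreach ($settings as $key => $value) {
    printf("%-8s %s\n", $key, strip_tags($value) ? 'CLEAN' : 'DIRTY');
}
```

`strip_tags()` removes the tags but keeps the text between them, so the cleaned value should still be escaped for its output context (for example with `htmlspecialchars()`) when it is echoed into HTML.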