PHP - Only Removing PHP tag from the string

Question

I have a CMS where I let the user to upload JS and HTML code and I want them use all possible HTML tags, and only tags I want to restrict are <PHP ?> and <? ?>

I know we have strip_tags but it only have the option of allow tags. I want something similar but with the option of ban tags.

Thanks

Answer 1

if the tags are only these, you can use preg_replace function:

$string = '<?php content ?>';
$string = preg_replace('/(<\?php|<\?|\?>)/i', '', $string);
echo $string;

it will output content

more information here: http://www.php.net/manual/en/function.preg-replace.php

Answer 2

I first want to note that unless you are using eval, this shouldn't really be a problem, but anyway, my solution:

do {
    $content = preg_replace('/(<\\?.*?(\\?>|$))/si', '', $content, -1, $count);
} while($count);

If you're wondering why it's in a loop, it's because hackers can be quite ingenious: <<? ?>?php

This also removes the content between tags.

It will also remove other Processing Instruction tags (like <?xml).

Answer 3

This can't be done with strip tags as that function only handles html tags, and technically speaking, php open/close tags are not html.

What you could do is use a regular expression for simply matching the strings in context where they could mean something... It's a bit of a broad replace but not a terrible assumption that any tags in this format are meant to be open/close tags and can thus be filtered out:

$result = preg_replace('/<\?php|<\?|\?>/im', '', $content);

Answer 4

<?php
 $string='this string contains <?php tag';
 $string=str_replace('<?php','',$string);    // same can be done for '?>'
 echo $string;
?>

Demo