
Comprehensive Guide to PHP's fgetss Function with Practical Examples

gitbox 2025-06-06

1. Introduction

The fgetss function in PHP is used to read one line from a file while automatically stripping HTML and PHP tags from that line. It is an improvement over the fgetcsv function. Unlike fgetcsv, which only reads CSV formatted files, fgetss reads from regular files and removes potentially dangerous code tags, enhancing security.

1.1 Syntax of fgetss Function

string fgetss(resource $handle [, int $length [, string $allowed_tags ]])

1.2 Parameter Description

handle: Required. The file handle resource.

length: Optional. Specifies the maximum number of characters to read; default is 1024.

allowed_tags: Optional. Defines which HTML tags should be allowed and not stripped.

2. Example

Below is a basic example demonstrating how to use the fgetss function to read one line from a file and strip all HTML and PHP tags:

$handle = fopen("/tmp/inputfile.txt", "r");
if ($handle) {
  while (($buffer = fgetss($handle, 1024)) !== false) {
    echo $buffer;
  }
  if (!feof($handle)) {
    echo "Error reading the file";
  }
  fclose($handle);
}

2.1 Code Explanation

The fopen function opens the file in read-only mode. Inside the while loop, fgetss reads the file line by line. Since the allowed_tags parameter is not specified, all HTML and PHP tags are removed, ensuring pure text output.

3. Use Cases

3.1 Filtering HTML Tags and Encoding Entities

When fgetss is combined with the htmlentities function, HTML tags can be converted into entity characters, which further helps prevent security vulnerabilities such as XSS. Here is an example:

$filename = "input.txt";
$handle = fopen($filename, "r");
if ($handle) {
  while (($buffer = fgetss($handle, 1024)) !== false) {
    $buffer = htmlentities($buffer);
    echo $buffer;
  }
  if (!feof($handle)) {
    echo "Error reading the file";
  }
  fclose($handle);
}

This example ensures that each line read is passed through HTML entity encoding to avoid potential script injection risks.

3.2 Filtering with Allowed Tags

If you want to keep some specific HTML tags while filtering, you can use the allowed_tags parameter. For example:

$filename = "input.txt";
$handle = fopen($filename, "r");
if ($handle) {
  while (($buffer = fgetss($handle, 1024, '<p><a>')) !== false) {
    echo $buffer;
  }
  if (!feof($handle)) {
    echo "Error reading the file";
  }
  fclose($handle);
}

In this example, fgetss filters out all HTML and PHP tags except for <p> and <a> tags, which are preserved. This is useful when some formatting needs to be maintained.
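
Added example, not from the original article: tag stripping with allowed_tags leaves the attributes of every allowed tag untouched, so an event-handler attribute on an allowed <a> passes straight through to the output. Because fgetss was deprecated in PHP 7.3 and removed in PHP 8.0, the code uses fgets plus strip_tags instead; read_stripped, drop_attributes and the sample input are names and data constructed for this illustration.

```php
<?php
// Added example, not from the original article. Sample input is constructed.
// fgetss() is gone in PHP 8.0; fgets() + strip_tags() gives the same per-line result.

/** Read $path line by line, stripping every tag not listed in $allowed. */
function read_stripped(string $path, string $allowed = ''): array
{
    $handle = fopen($path, 'r');
    if ($handle === false) {
        throw new RuntimeException("Cannot open $path");
    }
    $lines = [];
    while (($line = fgets($handle)) !== false) {
        $lines[] = strip_tags($line, $allowed);
    }
    fclose($handle);
    return $lines;
}

/** Reduce each kept tag to its bare form: <a href=".." onclick=".."> becomes <a>. */
function drop_attributes(string $html, array $tags): string
{
    $names = implode('|', array_map('preg_quote', $tags));
    return preg_replace('~<(/?)(' . $names . ')\b[^>]*>~i', '<$1$2>', $html);
}

// Constructed input: the second line carries an event-handler attribute and a script block.
$sample = "<p>Hello <b>world</b></p>\n"
        . "<p><a href=\"/profile\" onclick=\"track()\">profile</a><script>init()</script></p>\n";
$path = tempnam(sys_get_temp_dir(), 'strip');
file_put_contents($path, $sample);

foreach (read_stripped($path, '<p><a>') as $line) {
    // The allowed <a> keeps href AND onclick; the script tags go but "init()" stays as text.
    echo 'allowed tags  : ', $line;
    // Kept tags are reduced to bare <p> and <a>, so no attribute survives.
    echo 'no attributes : ', drop_attributes($line, ['p', 'a']);
}
unlink($path);
```

If attributes such as href must survive, use an allowlist-based HTML sanitizer such as HTML Purifier rather than extending the regular expression.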

4. Conclusion

The fgetss function is a very useful PHP file reading tool that removes HTML and PHP tags while reading, helping to avoid code injection and cross-site scripting attacks. When combined with htmlentities, it enhances data security. Additionally, the allowed_tags parameter provides flexible control over which tags to keep, meeting various development needs.