I am hosting with fat cow and have been having issues with using strip tags with php 5. First they told me that strip tags doesn't work on php 5 and that I have to use php 4. I can't use php 4 my website doesn't work and I don't want to have to rewrite everything. So then after explaining that it does indeed work on php 5 they are now telling me that they won't enable it. When I ask why they tell me it must be a security problem, but they won't tell me what it is because they don't know. It doesn't make sense to me that there is a security problem with strip tags in php 5 but not php 4. So is there some sort of security problem with strip tags in php 5 that doesn't exist in php 4?
No I reckon what your host (fat cow) are just giving a bunch of lame excuses because they don't want to enable the function, - presumably because its not as easy to enable if your on shared. Looking at their site their plan contains unlimited everything...which is near impossible. However, if you post some sample code in which you use strip_tags() on, we can help you to work around it - but we'd need some sample code to give the best possible solution.
In the comments section of the strip_tags() function there are a couple of options that don't use strip_tags() but create the same effect. http://php.net/manual/en/function.strip-tags.php Hope that helps you By the way, your hosting company Also, there are apparently some security issues, though I was unaware before doing some research, if you would like to read a bit more check out this post: http://www.net-security.org/vuln.php?id=3570
The vulnerability was founded in 2004 theirfore aslong as the OP's host is up to date that should have been patched.
Thanks for your help everyone. Part of my website allows players to post descriptions for their player. I use a form (uses POST) and then put the description into the table. So for example: <PHP Connect to the database and post the information from the form $description=mysql_real_escape_string(trim($description)); Rest of code I was using preg match, but I didn't feel that was really safe to allow all the different variables people might want to use as part of their descriptions. If you have any suggestions for alternatives that would be great. Zerix, I haven't had time yet to look at the PHP manual and the alternatives posted on there, but will take a look thanks for the post. I talked to fatcow and apparently nobody can tell me why they won't enable strip tags and that the engineers would know so they are going to ask them. But they still won't enable it so I am most likely going to be switching companies. If anyone knows of a good hosting company please let me know, I use html, php, and mysql for my website. Thanks for all the help.
I personally use MediaTemple, it has been good for me though some MySql issues have left my sites down for up to 20 mins, though this happens only once every blue moon. It depends how much you want to pay really and what specs you need. I would avoid "unlimited" plans, they sound good but they are like cake. They are a lie!
Use this function: http://forums.digitalpoint.com/showthread.php?t=1795896#post14163350 Wherever you feel needs to be secured/sanitized.