strip_tags php function is leaving the tags

Question

my code below is giving an output when I check the page source of not removing the HTML tags for the username even though I specify to strip them. If I remove the <p> tags at the bottom and just echo through the PHP function Login() itself, strip_tags works, but if I try and output the value of strip tags in the HTML, it fails.

PHP Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
</head>
<body>
<?php

function Login() {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $username = strip_tags($username);
    $password = strip_tags($password);
    $username = trim($username);
    $password = trim($password);
?>


<?php echo "<p>" . $username . "</p>" ?></p>
<?php echo "<p>" . $password . "</p>" ?></p> 
</body>
</html>

Any insight as to why the echoed text $username and $password are being displayed with tags still would greatly be appreciated.

Answer 1

You're not calling the Login() function in this example and you're missing a } after the function declaration. Additionally, the variable scope is off. Consider the following :)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
</head>
<body>
<?php

function Login() {
    $username = strip_tags(trim($_POST['username']));
    $password = strip_tags(trim($_POST['password']));
    echo '<p>', $username, '</p><p>', $password, '</p>';
}

if (!empty($_POST)) Login();
?>
</body>
</html>