<script type="text/javascript">
Player.embed("ID", {soundFile: "http://yoursite.com/path/to/mp3_file.mp3"});
</script>
This is the snippet I need to parse in PHP. What characters do I need to use the backslash break on?
<script type=\"text\/javascript\">Player\.embed\(\"$2$3$4\"\, \{soundFile\: \"http://$2$3$4/$5\"\}\);
<\/script>
Do you mean:
string addslashes ( string $str )
Returns a string with backslashes before characters that need to be escaped. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
This source goes into it:
http://php.net/manual/en/function.addslashes.php
and this one:
http://www.w3schools.com/php/func_string_addslashes.asp
From the 2nd source, the addition of escape characters can be used to prepare a string for storage in a database and database queries.
-
Note: PHP runs addslashes() on all GET, POST, and COOKIE data by default, so you don't want to do it again and get double the escape slashes.
There's also a stripslashes() function for when it you need to undo it.
http://php.net/manual/en/function.stripslashes.php
Related
I have a use case where a customer needs to load JSON-serialized objects via a CSV import. Some of these objects contain strings which contain double-quotes. Typically I would simply add a '\' before the nested double-quote in order to escape it, however this seems to conflict with the parsing of the CSV file. We're using PHP 7.0 and the function "fgetcsv" to read the lines of the file. Whenever I do this I notice odd behavior after an escaped double-quote is encountered. Here's a sample row from the CSV:
"{""test"": ""\""this\"" is a test""}"
And here is how PHP reads this column using fgetcsv:
{"test": "\"this\"" is a test""}"
I have confirmed any double-quotes after the initial escaped double-quote run into this problem. Thinking the backslash may be causing issues with escaping I tried using another backslash to escape the backslash:
"{""test"": ""\\""this\\"" is a test""}"
And here's the result:
{"test": "\\"this\\" is a test"}
So while this does resolve the issue with any double-quotes beyond the first, I am left with two backslashes instead of one.
Without changing the underlying code, is there a way to escape this data so that fgetcsv will interpret it appropriately? Like so:
{"test": "\"this\" is a test"}
You could try using \" to represent a double quote instead of "".
E.g., "{\"test\": \"\\\"this\\\" is a test\"}"
Whether this works may depend on the version of fgetcsv you are using -- I'm not sure.
Alternatively, if you're using fgetcsv 5.3 or later, you could try changing the fgetcsv parameters to change the enclosure character or escape character so that it doesn't conflict with JSON. See the parameters in the fgetcsv docs.
enclosure
The optional enclosure parameter sets the field enclosure character (one character only).
escape
The optional escape parameter sets the escape character (one character only).
Note: Usually an enclosure character is escaped inside a field by doubling it; however, the escape character can be used as an alternative. So for the default parameter values "" and \" have the same meaning. Other than allowing to escape the enclosure character the escape character has no special meaning; it isn't even meant to escape itself.
(emphasis in original)
I'd like to keep a certain string in a configuration file, that is to be parsed by PHP parse_ini_file() function. However, this string contains some special characters (with codes like 0x2C or 0x3D) that need to be encoded in some way. Is there any way to write a special character with a hex code in such a file?
The proper way to escape INI values is to enclose them in "double quotes". If your string doesn't contain double quotes, you can use it in as a value enclosed in double quotes.
Escaping single quotes with a backslash seems to work as long as there are not two consecutive double quotes in the value, as per http://php.net/manual/en/function.parse-ini-file.php#100046
If you want to do your own escaping, you certainly can:
htmlspecialchars / htmlspecialchars_decode escapes <,>,& and ".
htmlentities / html_entitity_decode will escape very aggresively (but also very safely) to HTML entities
urlencode / urldecode will escape all special characters except _-~..
base64_encode / base64_decode will ensure the encoded string contains only alphanumeric characters and +=/. This might be optimal for encoding binary data but doesn't preserve readability.
Hi I was wondering if there is an easy way to escape strings in php.
In python I use """ """, and everything between there is escaped. so when using special characters it is ignored.
I have some text to echo, and escaping everything manually just takes forever.
Does php have a similar function built in ?
thanks!
Which are the characters do you have to escape?
You could use single quotes [docs]. The only characters that have to be escaped in such a string are \ and '.
If you have a long string, also have a look at heredoc [docs].
Since PHP 5.3, you can use nowdoc. As opposed to heredoc, nowdoc does not expand variables inside it.
There are various functions depending on what you want to escape.
If you are using a lot of double quotes, for example with html, you can wrap the string in single quotes to prevent having to escape.
$string = 'no escape needed';
The same goes the other way
$string = "I'd rather be gaming";
Then you have a couple of functions used mostly for escaping user input:
addslashes() that will escape quotes
htmlspecialchars() will 'escape' html codes
mysql_real_escape_string() for escaping mysql input
I have a string in PHP that contains both single and double quotes.
I am trying to use this string in some JSON output. To do this I need to escape double quotes, slashes, newlines etc.
I thought that addslashes() would do the job but it also escapes single quotes which causes the JSON to fail.
How can I escape all relevant special characters except for single quotes?
json_encode() will handle all that for you.
I fetch a field from a database that contains a rtf document.
For Example this could look like this:
{\rtf1\ansi\ansicpg1252\deff0\deflang1031{\fonttbl{\f0\fnil\fcharset0 Calibri;}}
{*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\sa200\sl276\slmult1\lang7\f0\fs22 asdfasdf\par
a\par
sf\par
asd\par
fasd\par
\b dfas\b0\par
dfas\par
}
Now PHP fetches this as double quoted from the database, the result ist that the string will not be interpreded char wise... assumed special chars like '\r' and '\n' got recognized.
How can i convert from this double quoted to a single quoted string so that i got all raw chars? Or how can i achieve that the value is asigned as single quoted when i fetch it from database?
Thanks in advance
-ralf
Now PHP fetches this as double quoted
from the database
What? The result of mysql_fetch_row or whatewer is just a string. Nothing is reinterpreted in any way. \n just stays \n. Only string literals you write in the PHP file into double quotes will be "interpreted" and then stored as a string.
There is nothing like single- or double-quoted string. There are just single- or double-quoted string literals in the PHP source code from which the actual PHP strings will be made.
The only problem you have now is how to process/parse the RTF data. (Assuming the data was stored in blob column so there is no complication with character encodings.)
First of all you should invest some time who (or what) is escaping your code.
But for a quick solution, try to use the stripslashes() function:
$unsecaped = stripslashes( $database_data );
But I urge you try to find what is escaping the data.
This can occur:
Before inserting the data into database. This is typically caused by the PHP directive magic_quotes_gpc.
When retrieving the data from database.
Updated
I didn't understand your problem...
You want to keep all those backslashes but avoid to \r and \n being interpreted as carriage return and line feed...
Try to do a str_replace to find all those \r and \n and replacing them with \r and \n.
I don't know if \r could belong to any wise char, so maybe you should replace only " \r
"/" \n ", You'll need preg_replace() for this possibly.