preg_match to remove forbidden chars? - php

I'm trying to remove forbidden chars from a string.
$forbidden = array( "<", ">", "{", "}", "[", "]", "(", ")", "select", "update", "delete", "insert", "drop", "concat", "script");
foreach ($forbidden as $forbidChar) {
if (preg_match("/$forbidChar/i", $string)) {
return TRUE;
}
return FALSE;
}
But it's not working as expected, where did I go wrong?

You can do this with a single regex like this:
$forbidden = array(
"<", ">", "{", "}", "[", "]", "(", ")",
"select", "update", "delete", "insert", "drop", "concat", "script");
$forbidden = array_map( 'preg_quote', $forbidden, array_fill( 0, count( $forbidden), '/'));
return (bool) preg_match( '/' . implode( '|', $forbidden) . '/', $string);
This properly escapes all of the characters with preg_quote(), and forms a single regex to test for all of the cases.
Note: I haven't tested it, but it should work.

You need to use preg_replace() if you want characters to be replaced. Not preg_match().
You may also want to ensure that your forbidden characters are properly escaped using preg_quote().

You need to escape the characters "[", "]", "(", ")" with "\[", "\]", "\(", "\)"
Here is the working code,
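<?php
$string = "dfds fdsf dsfs fkldsk select dsasd asdasd";
// Regex metacharacters are escaped by hand so every entry is a valid pattern.
$forbidden = array(
"<", ">", "{", "}", "\[", "\]", "\(", "\)",
"select", "update", "delete", "insert", "drop", "concat", "script");
foreach ($forbidden as $forbidChar) {
// Stop at the first forbidden entry found (case-insensitive match).
if (preg_match("/$forbidChar/i", $string)) {
exit('Forbidden char detected');
}
}
// Reached only when every entry has been checked without a match.
return FALSE;
?>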

You can use the more performant string_replace function to do this:
<?php
$forbidden = array(
"<", ">", "{", "}", "[", "]", "(", ")",
"select", "update", "delete", "insert", "drop", "concat", "script");
$cleanString = str_ireplace($forbidden, "", $string);
?>
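The filters from the answers above, run on constructed inputs, as an added example that is not part of the original posts: it shows two weak points of a deny-list (one removal pass can leave a forbidden word behind, and ordinary text is rejected or mangled) next to handling the value by context with a prepared statement and htmlspecialchars(). The helper names, the sample strings and the in-memory SQLite table are assumptions, and the pdo_sqlite extension is assumed to be loaded.

```php
<?php
// Added example; inputs are constructed. Assumes the pdo_sqlite extension.
$forbidden = array("<", ">", "{", "}", "[", "]", "(", ")",
    "select", "update", "delete", "insert", "drop", "concat", "script");

// Removal, as in the str_ireplace() answer: a single pass per term.
function stripForbidden(string $s, array $terms): string {
    return str_ireplace($terms, "", $s);
}

// Detection, as in the single-regex answer, with the /i flag kept.
function hasForbidden(string $s, array $terms): bool {
    $quoted = array_map(function ($t) { return preg_quote($t, '/'); }, $terms);
    return (bool) preg_match('/' . implode('|', $quoted) . '/i', $s);
}

// Weak point 1: removal is not idempotent. Cutting the inner term out of
// this constructed string joins the outer halves into the same term again.
$once = stripForbidden("dedeletelete", $forbidden);
printf("after one pass: %s, still forbidden: %s\n",
    $once, var_export(hasForbidden($once, $forbidden), true));

// Weak point 2: ordinary text trips the filter and is mangled by removal.
$note = "Please select a drop-off point (optional)";
printf("rejected: %s, stripped: %s\n",
    var_export(hasForbidden($note, $forbidden), true),
    stripForbidden($note, $forbidden));

// Alternative: keep the text intact and neutralise it where it is used.
// SQL: a prepared statement sends the value as data, never as query text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (body TEXT)');
$db->prepare('INSERT INTO notes (body) VALUES (?)')->execute(array($note));
$stored = $db->query('SELECT body FROM notes')->fetchColumn();

// HTML: encode at output time for the HTML context.
echo htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
```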

Related

String function (str_replace) in php

I have a PHP function as follows:
<?php
function fixEncoding ($str){
$searchVal = array("?", "=", ":", ";", "#", "+", "%", "&" );
$replaceVal = array("%3F", "%3D", "%3A", "%3B", "%23", "%2B", "%25", "%26" );
return str_replace($searchVal, $replaceVal, $str);
}
$test_string = "www.joensuu.fi/documents/144181/2569169/Joensuun-Areena.jpg/69933c17-e619-7d05-a64a-94bfbb533da9?t=1550323540726";
$result = fixEncoding($test_string);
echo $result;
?>
Output:
www.joensuu.fi/documents/144181/2569169/Joensuun-Areena.jpg/69933c17-e619-7d05-a64a-94bfbb533da9%253Ft%253D1550323540726
This function successfully replaces '?' and '=' characters, however, it later replaces their '%' character with '%25' also, which does not make it expected output.
Any suggestions, for how I can handle this.
put % first in your array like
$searchVal = array("%", "?", "=", ":", ";", "#", "+", "&" );
but you should also consider using JureW's answer
If I understand you correctly, you want something like this:
www.joensuu.fi%2Fdocuments%2F144181%2F2569169%2FJoensuun-Areena.jpg%2F69933c17-e619-7d05-a64a-94bfbb533da9%3Ft%3D1550323540726
If so, no need to build your own function:
print_r(urlencode($test_string)); // outputs same as example above
PHP has built-in functions for encoding/decoding URLs, so let's not reinvent the wheel and use those :)
try this:
function fixEncoding ($str){
return urlencode($str);
}
$test_string = "test???";
$result = fixEncoding($test_string);
echo $result;
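The ordering problem from the question above, as an added example that is not part of the original posts: str_replace() with arrays feeds each replacement's output into the next pair, while strtr() with an array substitutes in a single scan. The function names and the shortened sample string are constructed for illustration.

```php
<?php
// Added example; $in is a constructed string modelled on the question's URL.
$map = array("?" => "%3F", "=" => "%3D", ":" => "%3A", ";" => "%3B",
             "#" => "%23", "+" => "%2B", "%" => "%25", "&" => "%26");

// str_replace() applies each pair in turn to the output of the previous one,
// so the "%" it inserted for "?" and "=" is itself rewritten to "%25".
function encodeSequential(string $s, array $map): string {
    return str_replace(array_keys($map), array_values($map), $s);
}

// strtr() with an array scans the input once and never re-reads text it has
// already substituted, so the order of the pairs no longer matters.
function encodeSinglePass(string $s, array $map): string {
    return strtr($s, $map);
}

$in = "Joensuun-Areena.jpg/69933c17?t=1550323540726&rate=100%";
foreach (array('encodeSequential', 'encodeSinglePass') as $fn) {
    $out = $fn($in, $map);
    // A correct encoder must round-trip: decoding once returns the input.
    printf("%-17s %s round-trip=%s\n", $fn, $out,
        var_export(rawurldecode($out) === $in, true));
}
// The built-in encoder, for comparison with the hand-written map.
printf("%-17s %s\n", 'rawurlencode', rawurlencode($in));
```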

url encode and str_replace

I am trying to encode a sites current RFC 3986 standard and using this function:
function getUrl() {
$url = @( $_SERVER["HTTPS"] != 'on' ) ? 'http://'.$_SERVER["SERVER_NAME"] : 'https://'.$_SERVER["SERVER_NAME"];
$url .= ( $_SERVER["SERVER_PORT"] !== 80 ) ? ":".$_SERVER["SERVER_PORT"] : "";
$url .= $_SERVER["REQUEST_URI"];
$entities = array('%21', '%2A', '%27', '%28', '%29', '%3B', '%3A', '%40', '%26', '%3D', '%2B', '%24', '%2C', '%2F', '%3F', '%25', '%23', '%5B', '%5D');
$replacements = array('!', '*', "'", "(", ")", ";", ":", "@", "&", "=", "+", "$", ",", "/", "?", "%", "#", "[", "]");
return str_replace($entities, $replacements, urlencode($url));
}
The URL added : http://localhost/test/test-countdown/?city=hayden&eventdate=20160301
Returns: http://localhost/test/test-countdown/?city=hayden&eventdate=20160301
Not encoded with the // and & replaced
While the canonical solution is to simply use rawurlencode() as fusion3k said, it's worth noting that, when rolling your own solution, you should:
Listen more closely to the spec and encode all characters that are not either alphanumeric or one of -_.~.
Be more lazy and refuse to type out all those entities. My rule of thumb is that I don't type out more than 10 array entries without a damn good reason. Automate!
Code:
function encode($str) {
return preg_replace_callback(
'/[^\w\-_.~]/',
function($a){ return sprintf("%%%02x", ord($a[0])); },
$str
);
}
var_dump(encode('http://localhost/test/test-countdown/?city=hayden&eventdate=20160301'));
Result:
string(88) "http%3a%2f%2flocalhost%2ftest%2ftest-countdown%2f%3fcity%3dhayden%26eventdate%3d20160301"
If you want to encode a URL (not a site) in this format:
http%3A%2F%2Flocalhost%2Ftest%2Ftest-countdown%2F%3Fcity%3Dhayden%26eventdate%3D20160301
use the built-in php function rawurlencode( $url ).
Others have mentioned rawurlencode(), but the problem with your code is that you've got your arrays backwards.
Switch your arrays like this:
function getUrl() {
$url = @( $_SERVER["HTTPS"] != 'on' ) ? 'http://'.$_SERVER["SERVER_NAME"] : 'https://'.$_SERVER["SERVER_NAME"];
$url .= ( $_SERVER["SERVER_PORT"] !== 80 ) ? ":".$_SERVER["SERVER_PORT"] : "";
$url .= $_SERVER["REQUEST_URI"];
$entities = array('!', '*', "'", "(", ")", ";", ":", "@", "&", "=", "+", "$", ",", "/", "?", "%", "#", "[", "]");
$replacements = array('%21', '%2A', '%27', '%28', '%29', '%3B', '%3A', '%40', '%26', '%3D', '%2B', '%24', '%2C', '%2F', '%3F', '%25', '%23', '%5B', '%5D');
return str_replace($entities, $replacements, urlencode($url));
}

Making strings "URL safe" [duplicate]

Is there a way to make strings "URL safe" which means replacing whitespaces with hyphens, removing any punctuation and change all capital letters to lowercase?
For example:
"This is a STRING" -> "this-is-a-string"
or
"Hello World!" -> "hello-world"
You can use preg_replace to replace those characters.
$safe = preg_replace('/^-+|-+$/', '', strtolower(preg_replace('/[^a-zA-Z0-9]+/', '-', $string)));
I often use this function to generate my clean URLs and it seems to work fine.
You could alter it according to your needs but give it a try.
function sanitize($string, $force_lowercase = true, $anal = false) {
$strip = array("~", "`", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "_", "=", "+", "[", "{", "]",
"}", "\\", "|", ";", ":", "\"", "'", "‘", "’", "“", "”", "–", "—",
"—", "–", ",", "<", ".", ">", "/", "?");
$clean = trim(str_replace($strip, "", strip_tags($string)));
$clean = preg_replace('/\s+/', "-", $clean);
$clean = ($anal) ? preg_replace("/[^a-zA-Z0-9]/", "", $clean) : $clean ;
return ($force_lowercase) ?
(function_exists('mb_strtolower')) ?
mb_strtolower($clean, 'UTF-8') :
strtolower($clean) :
$clean;
}

Preg_replace &, ; and #

I am using following PHP code to escape user input however &,# and ; can not be escaped since these are also used in the codes of other special characters. Here is my code
>$data = preg_replace("/</", "<", $data);
>$data = preg_replace("/>/", ">", $data);
>$data = preg_replace("/\"/", """, $data);
>$data = preg_replace("/\(/", "(", $data);
>$data = preg_replace("/\)/", ")", $data);
>$data = preg_replace("/'/", "'", $data);
>$data = preg_replace("/{/", "{", $data);
>$data = preg_replace("/}/", "}", $data);
>$data = preg_replace("/\`/", "`", $data);//tick mark
>$data = preg_replace("/\[/", "[", $data);
>$data = preg_replace("/\]/", "]", $data);
>$data = preg_replace("/\=/", "=", $data);
So can you tell me how to escape &, # and ; without disturbing the rest of the code? I am sure this must have been asked many times too, if you can direct me to a relevant post. Also, if some friend has created his own code / module / class for escaping, that would be really cool.
You better should use htmlentities(), which will do all the work for you:
$data = htmlentities($data, ENT_QUOTES);
Documentations here

PHP - a function to "sanitize" a string

is there any PHP function available that replaces spaces and underscores from a string with dashes?
Like:
Some Word
Some_Word
Some___Word
Some Word
Some ) # $ ^ Word
=> some-word
basically, the sanitized string should only contain a-z characters, numbers (0-9), and dashes (-).
This should produce the desired result:
$someword = strtolower(preg_replace("/[^a-z]+/i", "-", $theword));
<?php
function sanitize($s) {
// This RegEx removes any group of non-alphanumeric or dash
// character and replaces it/them with a dash
return strtolower(preg_replace('/[^a-z0-9-]+/i', '-', $s));
}
echo sanitize('Some Word') . "\n";
echo sanitize('Some_Word') . "\n";
echo sanitize('Some___Word') . "\n";
echo sanitize('Some Word') . "\n";
echo sanitize('Some ) # $ ^ Word') . "\n";
Output:
Some-Word
Some-Word
Some-Word
Some-Word
Some-Word
You might like to try preg_replace:
http://php.net/manual/en/function.preg-replace.php
Example from this page:
<?php
$string = 'April 15, 2003';
$pattern = '/(\w+) (\d+), (\d+)/i';
$replacement = '${1}1,$3';
echo preg_replace($pattern, $replacement, $string);
//April1,2003
?>
You might like to try a search for "search friendly URLs with PHP" as there is quite a bit of documentation, example:
function friendlyURL($string){
$string = preg_replace("`\[.*\]`U","",$string);
$string = preg_replace('`&(amp;)?#?[a-z0-9]+;`i','-',$string);
$string = htmlentities($string, ENT_COMPAT, 'utf-8');
$string = preg_replace( "`&([a-z])(acute|uml|circ|grave|ring|cedil|slash|tilde|caron|lig|quot|rsquo);`i","\\1", $string );
$string = preg_replace( array("`[^a-z0-9]`i","`[-]+`") , "-", $string);
return strtolower(trim($string, '-'));
}
and usage:
$myFriendlyURL = friendlyURL("Barca rejects FIFA statement on Olympics row");
echo $myFriendlyURL; // will echo barca-rejects-fifa-statement-on-olympics-row
Source: http://htmlblog.net/seo-friendly-url-in-php/
I found a few interesting solutions throughout the web.. note none of this is my code. Simply copied here in hopes of helping you build a custom function for your own app.
This has been copied from Chyrp. Should work well for your needs!
/**
* Function: sanitize
* Returns a sanitized string, typically for URLs.
*
* Parameters:
* $string - The string to sanitize.
* $force_lowercase - Force the string to lowercase?
* $anal - If set to *true*, will remove all non-alphanumeric characters.
*/
function sanitize($string, $force_lowercase = true, $anal = false) {
$strip = array("~", "`", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "_", "=", "+", "[", "{", "]",
"}", "\\", "|", ";", ":", "\"", "'", "‘", "’", "“", "”", "–", "—",
"—", "–", ",", "<", ".", ">", "/", "?");
$clean = trim(str_replace($strip, "", strip_tags($string)));
$clean = preg_replace('/\s+/', "-", $clean);
$clean = ($anal) ? preg_replace("/[^a-zA-Z0-9]/", "", $clean) : $clean ;
return ($force_lowercase) ?
(function_exists('mb_strtolower')) ?
mb_strtolower($clean, 'UTF-8') :
strtolower($clean) :
$clean;
}
EDIT:
Even easier function I found! Just a few lines of code, fairly self-explanatory.
function slug($z){
$z = strtolower($z);
$z = preg_replace('/[^a-z0-9 -]+/', '', $z);
$z = str_replace(' ', '-', $z);
return trim($z, '-');
}
Not sure why @Dagon chose to leave a comment instead of an answer, but here's an expansion of his answer.
PHP's preg_replace function allows you to replace anything with anything else.
Here's an example for your case:
$input = "a word 435 (*^(*& HaHa";
$dashesOnly = preg_replace("#[^-a-zA-Z0-9]+#", "-", $input);
print $dashesOnly; // prints a-word-435-HaHa;
You can think of writing this piece of code with the help of regular expressions.
But I don't see any available functions which help you directly replace the " " with "-"
