Preg_replace &, ; and # - php

I am using the following PHP code to escape user input; however, &, # and ; cannot be escaped since these are also used in the codes of other special characters. Here is my code:
$data = preg_replace("/</", "&lt;", $data);
$data = preg_replace("/>/", "&gt;", $data);
$data = preg_replace("/\"/", "&quot;", $data);
$data = preg_replace("/\(/", "&#40;", $data);
$data = preg_replace("/\)/", "&#41;", $data);
$data = preg_replace("/'/", "&#39;", $data);
$data = preg_replace("/{/", "&#123;", $data);
$data = preg_replace("/}/", "&#125;", $data);
$data = preg_replace("/\`/", "&#96;", $data); // tick mark
$data = preg_replace("/\[/", "&#91;", $data);
$data = preg_replace("/\]/", "&#93;", $data);
$data = preg_replace("/\=/", "&#61;", $data);
So can you tell me how to escape &, # and ; without disturbing the rest of the code? I am sure this must have been asked many times, so if you can, direct me to a relevant post. Also, if some friend has created his own code / module / class for escaping, that will be really cool.

You should rather use htmlentities(), which will do all the work for you:
$data = htmlentities($data, ENT_QUOTES);
Documentations here
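Why the order of replacements matters for "&", as an added example that is not part of the original question or answer. The function names and the sample input are constructed for illustration.

```php
<?php
// Sequential replacement, as in the question. Each pass rescans the whole
// string, so "&" is only safe to handle if it is replaced FIRST; replaced
// last, it re-escapes the "&" of every entity produced by earlier passes.
function escape_sequential(string $data, bool $ampFirst): string
{
    $steps = ['<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;'];
    $steps = $ampFirst
        ? ['&' => '&amp;'] + $steps   // "&" handled before any entity exists
        : $steps + ['&' => '&amp;'];  // "&" handled after entities were emitted
    foreach ($steps as $search => $replace) {
        $data = str_replace($search, $replace, $data);
    }
    return $data;
}

// Single pass: strtr() with an array never rescans text it has already
// replaced, so the order of the map does not matter.
function escape_single_pass(string $data): string
{
    return strtr($data, [
        '<' => '&lt;', '>' => '&gt;', '"' => '&quot;',
        "'" => '&#39;', '&' => '&amp;',
    ]);
}

// Built-in equivalent for HTML text and quoted attribute values.
// "#" and ";" are not special on their own and are left untouched.
function escape_builtin(string $data): string
{
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$input = 'Tom & "Jerry" <b>#1;</b>'; // constructed sample input

echo escape_sequential($input, false), "\n"; // double-escaped entities
echo escape_sequential($input, true), "\n";
echo escape_single_pass($input), "\n";
echo escape_builtin($input), "\n";
```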

Related

String function (str_replace) in php

I have a PHP function as follows:
<?php
function fixEncoding ($str){
$searchVal = array("?", "=", ":", ";", "#", "+", "%", "&" );
$replaceVal = array("%3F", "%3D", "%3A", "%3B", "%23", "%2B", "%25", "%26" );
return str_replace($searchVal, $replaceVal, $str);
}
$test_string = "www.joensuu.fi/documents/144181/2569169/Joensuun-Areena.jpg/69933c17-e619-7d05-a64a-94bfbb533da9?t=1550323540726";
$result = fixEncoding($test_string);
echo $result;
?>
Output:
www.joensuu.fi/documents/144181/2569169/Joensuun-Areena.jpg/69933c17-e619-7d05-a64a-94bfbb533da9%253Ft%253D1550323540726
This function successfully replaces '?' and '=' characters, however, it later replaces their '%' character with '%25' also, which does not make it expected output.
Any suggestions, for how I can handle this.
put % first in your array like
$searchVal = array("%", "?", "=", ":", ";", "#", "+", "&" );
but you should also consider using JureW's answer
If I understand you correctly, you want something like this:
www.joensuu.fi%2Fdocuments%2F144181%2F2569169%2FJoensuun-Areena.jpg%2F69933c17-e619-7d05-a64a-94bfbb533da9%3Ft%3D1550323540726
If so, no need to build your own function:
print_r(urlencode($test_string)); // outputs same as example above
PHP has built-in functions for encoding/decoding URLs, so let's not reinvent the wheel and use those :)
try this:
function fixEncoding ($str){
return urlencode($str);
}
$test_string = "test???";
$result = fixEncoding($test_string);
echo $result;
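Two ways around the double-encoding seen in this thread, as an added example that is not from the original posts: a single-pass version of the question's function, and encoding each URL component separately so that "/" and "?" keep their structural meaning. The names build_url and example.test, the https scheme and the sample segments are assumptions made for illustration.

```php
<?php
// Single-pass alternative to the question's str_replace(): strtr() with an
// array does not rescan replaced text, so the "%" in "%3F" is never turned
// into "%25", whatever the order of the map.
function fix_encoding_single_pass(string $str): string
{
    return strtr($str, [
        '?' => '%3F', '=' => '%3D', ':' => '%3A', ';' => '%3B',
        '#' => '%23', '+' => '%2B', '%' => '%25', '&' => '%26',
    ]);
}

// Encoding a whole URL also encodes its delimiters. Building the URL from
// parts encodes only the data: each path segment with rawurlencode(), the
// query with http_build_query() in RFC 3986 mode (space becomes %20).
function build_url(string $host, array $segments, array $query): string
{
    $path = implode('/', array_map('rawurlencode', $segments));
    $qs   = http_build_query($query, '', '&', PHP_QUERY_RFC3986);
    return 'https://' . $host . '/' . $path . ($qs !== '' ? '?' . $qs : '');
}

// The question's test string.
$test = 'www.joensuu.fi/documents/144181/2569169/Joensuun-Areena.jpg/'
      . '69933c17-e619-7d05-a64a-94bfbb533da9?t=1550323540726';
echo fix_encoding_single_pass($test), "\n";

// Constructed input: a file name and a parameter value that themselves
// contain reserved characters.
echo build_url(
    'example.test',
    ['documents', 'Q&A 100%.jpg'],
    ['t' => '1550323540726', 'next' => '/a?b=c']
), "\n";
```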

PHP str_replace slash and quote

I had my data called from the db with words containing ' such as company's, and some words display like company\\\\\'s. Although I had a function to replace all those special characters with normal ones, wording like company\'s is still around. Is there any proper way to replace all kinds of special characters properly?
function chrEncode($data) {
$data = str_replace('’', "'" ,$data);
$data = str_replace('é', 'é' ,$data);
$data = str_replace('â€', '-' ,$data);
$data = str_replace('-œ', '"' ,$data);
$data = str_replace('“', '"' ,$data);
$data = str_replace('ê', 'ê' ,$data);
$data = str_replace('ö', 'ö' ,$data);
$data = str_replace('…', '...' ,$data);
$data = str_replace('-¦', '...' ,$data);
$data = str_replace('–', '–' ,$data);
$data = str_replace('′s', '’' ,$data);
$data = str_replace('-²s', '’' ,$data);
$data = str_replace('‘', "'" ,$data);
$data = str_replace('-˜', "'" ,$data);
$data = str_replace('-“', '-' ,$data);
$data = str_replace('è', 'è' ,$data);
$data = str_replace('(', '(' ,$data);
$data = str_replace(')', ')' ,$data);
$data = str_replace('•', '•' ,$data);
$data = str_replace('-¢', '•' ,$data);
$data = str_replace('§', '•' ,$data);
$data = str_replace('®', '®' ,$data);
$data = str_replace('â„¢', '™' ,$data);
$data = str_replace('ñ', 'ñ' ,$data);
$data = str_replace('Å‘s', 'ő' ,$data);
$data = str_replace('\\\"', '"' ,$data);
$data = str_replace("\r", '<br>' ,$data);
$data = str_replace("\\r", '<br>' ,$data);
$data = str_replace("\n", '<br>' ,$data);
$data = str_replace("\\n", '<br>' ,$data);
$data = str_replace("\\\'", '&#39' ,$data);
$data = str_replace("'", "&#39" ,$data);
return $data;
}
Please advise, thanks!
There is an inbuilt PHP function, stripslashes:
echo stripslashes($data);
You can remove all special character by using preg_replace like this:
preg_replace('/[^a-zA-Z0-9_ %\[\]\.\(\)%&-]/s', '', $String);
or only for slashes:
$str = 'h///e/ll\\o\\//\\';
str_replace(array('\\', '/'), '', $str); // output hello
Another solution:- create a clean function
function clean($string) {
$string = str_replace(' ', '-', $string); // Replaces all spaces with hyphens.
return preg_replace('/[^A-Za-z0-9\-]/', '', $string); // Removes special chars.
}
Usage:-
echo clean('a|"bc!#£de^&$f g');
Will output: abcdef-g
These are special characters. You need to escape them with an extra backslash, like this:
str_replace("\\","", $data);
stripslashes is needed to get rid of the slashes...
$str = "Is your name O\'reilly?";
// Outputs: Is your name O'reilly?
echo stripslashes($str);
You can use mysql_real_escape_string() function when insert or update, and you will not have to replace special chars like ', quot, etc.

Making strings "URL safe" [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
URL Friendly Username in PHP?
Is there a way to make strings "URL safe" which means replacing whitespaces with hyphens, removing any punctuation and change all capital letters to lowercase?
For example:
"This is a STRING" -> "this-is-a-string"
or
"Hello World!" -> "hello-world"
You can use preg_replace to replace those characters.
$safe = preg_replace('/^-+|-+$/', '', strtolower(preg_replace('/[^a-zA-Z0-9]+/', '-', $string)));
I often use this function to generate my clean URLs and it seems to work fine.
You could alter it according to your needs but give it a try.
function sanitize($string, $force_lowercase = true, $anal = false) {
$strip = array("~", "`", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "_", "=", "+", "[", "{", "]",
"}", "\\", "|", ";", ":", "\"", "'", "‘", "’", "“", "”", "–", "—",
"—", "–", ",", "<", ".", ">", "/", "?");
$clean = trim(str_replace($strip, "", strip_tags($string)));
$clean = preg_replace('/\s+/', "-", $clean);
$clean = ($anal) ? preg_replace("/[^a-zA-Z0-9]/", "", $clean) : $clean ;
return ($force_lowercase) ?
(function_exists('mb_strtolower')) ?
mb_strtolower($clean, 'UTF-8') :
strtolower($clean) :
$clean;
}

preg_match to remove forbidden chars?

I'm trying to remove forbidden chars from a string.
$forbidden = array( "<", ">", "{", "}", "[", "]", "(", ")", "select", "update", "delete", "insert", "drop", "concat", "script");
foreach ($forbidden as $forbidChar) {
if (preg_match("/$forbidChar/i", $string)) {
return TRUE;
}
return FALSE;
}
But it's not working as expected, where did I go wrong?
You can do this with a single regex like this:
$forbidden = array(
"<", ">", "{", "}", "[", "]", "(", ")",
"select", "update", "delete", "insert", "drop", "concat", "script");
$forbidden = array_map( 'preg_quote', $forbidden, array_fill( 0, count( $forbidden), '/'));
return (bool) preg_match( '/' . implode( '|', $forbidden) . '/', $string);
This properly escapes all of the characters with preg_quote(), and forms a single regex to test for all of the cases.
Note: I haven't tested it, but it should work.
You need to use preg_replace() if you want characters to be replaced. Not preg_match().
You may also want to ensure that your forbidden characters are properly escaped using preg_quote().
You need to escape the characters "[", "]", "(", ")" with "\[", "\]", "\(", "\)"
Here is the working code,
<?php
$string = "dfds fdsf dsfs fkldsk select dsasd asdasd";
$forbidden = array(
"<", ">", "{", "}", "\[", "\]", "\(", "\)",
"select", "update", "delete", "insert", "drop", "concat", "script");
// Check every entry; a return inside the loop would stop after the first one.
foreach ($forbidden as $forbidChar) {
if (preg_match("/$forbidChar/i", $string)) {
exit('Forbidden char detected');
}
}
?>
You can use the more performant string_replace function to do this
<?php
$forbidden = array(
"<", ">", "{", "}", "[", "]", "(", ")",
"select", "update", "delete", "insert", "drop", "concat", "script");
$cleanString = str_ireplace($forbidden, "", $string);
?>
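An alternative to filtering input by forbidden characters and SQL keywords, relevant both to this thread and to the mysql_real_escape_string() suggestion in the "str_replace slash and quote" thread above: bind values as query parameters when storing, and encode them for HTML when printing. This is an added example, not code from the original posts; it assumes the pdo_sqlite and mbstring extensions, and the table, column and function names are hypothetical.

```php
<?php
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE companies (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

function save_name(PDO $pdo, string $name): int
{
    // Validate what the field is (length, encoding), not which words or
    // brackets it may not contain.
    if ($name === '' || !mb_check_encoding($name, 'UTF-8')
        || mb_strlen($name, 'UTF-8') > 100) {
        throw new InvalidArgumentException('name must be 1-100 chars of valid UTF-8');
    }
    // The value is sent as a bound parameter, separate from the SQL text,
    // so quotes and keywords inside it are data and need no stripping.
    $stmt = $pdo->prepare('INSERT INTO companies (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

function render_name(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT name FROM companies WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $name = (string) $stmt->fetchColumn();
    // Encode at the point of output, for the context it is printed into.
    return '<td>' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

// Constructed inputs: legitimate names that a forbidden-word filter would
// reject or mangle ("drop", "select", "script", brackets, apostrophes).
$samples = ["O'Reilly's Drop-in Centre", 'Select <Script> & Sons [UK]'];

foreach ($samples as $sample) {
    $id = save_name($pdo, $sample);
    echo render_name($pdo, $id), "\n";
}
```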

PHP - a function to "sanitize" a string

Is there any PHP function available that replaces spaces and underscores in a string with dashes?
Like:
Some Word
Some_Word
Some___Word
Some Word
Some ) # $ ^ Word
=> some-word
Basically, the sanitized string should only contain a-z characters, numbers (0-9), and dashes (-).
This should produce the desired result:
$someword = strtolower(preg_replace("/[^a-z]+/i", "-", $theword));
<?php
function sanitize($s) {
// This RegEx removes any group of non-alphanumeric or dash
// character and replaces it/them with a dash
return strtolower(preg_replace('/[^a-z0-9-]+/i', '-', $s));
}
echo sanitize('Some Word') . "\n";
echo sanitize('Some_Word') . "\n";
echo sanitize('Some___Word') . "\n";
echo sanitize('Some Word') . "\n";
echo sanitize('Some ) # $ ^ Word') . "\n";
Output:
Some-Word
Some-Word
Some-Word
Some-Word
Some-Word
You might like to try preg_replace:
http://php.net/manual/en/function.preg-replace.php
Example from this page:
<?php
$string = 'April 15, 2003';
$pattern = '/(\w+) (\d+), (\d+)/i';
$replacement = '${1}1,$3';
echo preg_replace($pattern, $replacement, $string);
//April1,2003
?>
You might like to try a search for "search friendly URLs with PHP" as there is quite a bit of documentation, example:
function friendlyURL($string){
$string = preg_replace("`\[.*\]`U","",$string);
$string = preg_replace('`&(amp;)?#?[a-z0-9]+;`i','-',$string);
$string = htmlentities($string, ENT_COMPAT, 'utf-8');
$string = preg_replace( "`&([a-z])(acute|uml|circ|grave|ring|cedil|slash|tilde|caron|lig|quot|rsquo);`i","\\1", $string );
$string = preg_replace( array("`[^a-z0-9]`i","`[-]+`") , "-", $string);
return strtolower(trim($string, '-'));
}
and usage:
$myFriendlyURL = friendlyURL("Barca rejects FIFA statement on Olympics row");
echo $myFriendlyURL; // will echo barca-rejects-fifa-statement-on-olympics-row
Source: http://htmlblog.net/seo-friendly-url-in-php/
I found a few interesting solutions throughout the web.. note none of this is my code. Simply copied here in hopes of helping you build a custom function for your own app.
This has been copied from Chyrp. Should work well for your needs!
/**
* Function: sanitize
* Returns a sanitized string, typically for URLs.
*
* Parameters:
* $string - The string to sanitize.
* $force_lowercase - Force the string to lowercase?
* $anal - If set to *true*, will remove all non-alphanumeric characters.
*/
function sanitize($string, $force_lowercase = true, $anal = false) {
$strip = array("~", "`", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "_", "=", "+", "[", "{", "]",
"}", "\\", "|", ";", ":", "\"", "'", "‘", "’", "“", "”", "–", "—",
"—", "–", ",", "<", ".", ">", "/", "?");
$clean = trim(str_replace($strip, "", strip_tags($string)));
$clean = preg_replace('/\s+/', "-", $clean);
$clean = ($anal) ? preg_replace("/[^a-zA-Z0-9]/", "", $clean) : $clean ;
return ($force_lowercase) ?
(function_exists('mb_strtolower')) ?
mb_strtolower($clean, 'UTF-8') :
strtolower($clean) :
$clean;
}
EDIT:
Even easier function I found! Just a few lines of code, fairly self-explanatory.
function slug($z){
$z = strtolower($z);
$z = preg_replace('/[^a-z0-9 -]+/', '', $z);
$z = str_replace(' ', '-', $z);
return trim($z, '-');
}
Not sure why @Dagon chose to leave a comment instead of an answer, but here's an expansion of his answer.
PHP's preg_replace function allows you to replace anything with anything else.
Here's an example for your case:
$input = "a word 435 (*^(*& HaHa";
$dashesOnly = preg_replace("#[^-a-zA-Z0-9]+#", "-", $input);
print $dashesOnly; // prints a-word-435-HaHa;
You can think of writing this piece of code with the help of regular expressions.
But I don't see any available functions which help you directly replace the " " with "-"
