How can i delete a html-special char \ from a string.
$string = 'This is \ a string with \ special characters \';
str_replace("char_to_rep","",$string); // replacing with nothing means deleting
also ref.
how-to-remove-html-special-chars
str_replace("#"," ",$string)
try this code for all special char
use str_replace and replace special char with an empty character
thanks a lot for help, but is there a better way tho do this below?
$post = '(&repl^eac&e_+';
function repleace($post) {
$array = array('.html', '.php', '±', '§', '!', '#', '€', '`', '#', '$', '%', '^', '&', '*', '(', ')', '+', '=', '<', '>', '?', '/', '|', '[', ']', ':', ';', ',', '~', '.');
$post = str_replace($array, '', $post);
$post = str_replace(' ', '_', $post);
$post = str_replace('-', '_', $post);
return strtolower('/'.$post.'/');
}
function($input) {
$input = preg_replace("/&#?[a-z0-9]{2,8};/i","",$input);
$input = ucfirst($input);
return $input;
}
The php pre_repleace function within the /&#?[a-z0-9]{2,8};/i characters works fine.
Related
This is my simple code function in php
function replaceCharact($input,$action){
$output_1 = str_replace('(', "%11%", $input);
$output_2 = str_replace(')', '%12%', $output_1);
$output_3 = str_replace('[', '%13%', $output_2);
$output_4 = str_replace(']', '%14%', $output_3);
$output_5 = str_replace('"', '%15%', $output_4);
$output_6 = str_replace('/', '%16%', $output_5);
$output_7 = str_replace('"\"', '%17%', $output_6);
$output_8 = str_replace('!', '%18%', $output_7);
$output_9 = str_replace('<', '%19%', $output_8);
$output_10 = str_replace('>', '%20%', $output_9);
return $output_10;
}
Only the "!"($output_8) change to %19%. The others output display nothing. Can you help me with this?
To simplify mass replacements using an array, try this...
$replacement = array(
'(' => "%11%",
')' => '%12%',
'[' => '%13%',
']' => '%14%'
// etc etc
);
$string = str_replace( array_keys( $replacement ), $replacement, $string );
https://3v4l.org/kmXZp
I have this code as anti-html and sql injection for a online game but it doesn't work and gives me the following error:
Fatal error: Only variables can be passed by reference
Here is my code:
$_POST = str_replace('<', '>', '\'', '\'', '\\', '<', '>', '"', '' ', '\', $_POST);
$_GET = str_replace('<', '>', '\'', '\'', '\\', '<', '>', '"', ''', '\', $_GET);
It's for the first of the two lines, but i'm sure that the problem will be for the second one too. I'm not good at php and these are files i took from the web.
How can i solve this?
You don't need to implement your own XSS filter, as there is already existing one
And you can take advantage of this in this way:
$_POST = filter($_POST);
$_GET = filter($_GET);
function filter(array $value) {
return is_array($value) ? array_map(__FUNCTION__, $value) : htmlentities($value);
}
This will filter nested arrays as well (in case your input was like name[])
Maybe like this :
$post_vars = array();
for ($i=0; i<count($_POST); $i++)
{
$post_vars[$i] = str_replace('<', '>', '\'', '\'', '\\', '<', '>', '"', '' ', '\', $_POST[$i]);
}
Same goes for the $_GET array.
I have a function that generates a hash and filters out characters:
$str = base64_encode(md5("mystring"));
$str = str_replace( "+", "_",
str_replace( "/", "-",
str_replace( "=", "x" $str
)));
What is the "right" way to do this in php?
i.e., is there a cleaner way?
// Let "tr()" be an imaginary function
$str = base64_encode(md5("mystring"));
$str = tr( "+/=", "_-x", $str );
There's a couple options here, first using str_replace properly:
$str = str_replace(array('+', '/', '='), array('_', '-', 'x'), $str);
And there's also the always-forgotten strtr:
$str = strtr($str, '+/=', '_-x');
You can use arrays in str_replace like this
$replace = Array('+', '/', '=');
$with = Array('_', '-', 'x');
$str = str_replace($replace, $with, $str);
Hope it helped
You can also use strtr with an array.
strtr('replace :this value', array(
':this' => 'that'
));
I have a function like this:
func_seo.php
<?php
function seo_title($s) {
$c = array (' ');
$d = array ('-','/','\\',',','.','#',':',';','\'','"','[',']','{','}',')','(','|','`','~','!','#','%','$','^','&','*','=','?','+');
$s = str_replace($d, '', $s);
$s = strtolower(str_replace($c, '-', $s));
return $s;
}
?>
I want to use the function in App::Model.
I create like this, but it doesn't work:
<?php
class MyModel extends AppModel{
var $name = 'MyModel';
public function beforeSave(){
$this->element('func_seo'); //Function Element View/Elements/func_seo.php
$this->data['MyModel']['name_seo'] = seo_title($this->data['MyModel']['tutorial_name']);
return true;
}
}
?>
This code should go into a Helper as it formats the output. This will also make sure the code can be easy reused between projects. Best would be to put it into something like an Utils plugin and share that as a git submodule between the apps.
If you want to store the changed data persistent to the DB make it a behaviour instead.
Your example code is wrong because it is a violation of the MVC pattern as you try to render an element in a model which is wrong.
Your variable naming is bad. $a + $b = $c. Hey, did you know that I meant to calculate a date by this? No. always give variables meaningful names. Check the coding conventions and follow them as well. Clean code is a good read as well.
Also pay attention to the scope keywords, don't mix var with public / protected / private. If you don't know what they mean check this page.
I don't know what's the best practice to use your own functions like this, but I would actually put the stuff from func_seo.php into a Behavior, so all of your models can use it like $this->seoTitle().
It also might be a design mistake to include your generic functions like this into the app.
You can use the function like this.
<?php
class MyModel extends AppModel {
var $name = 'MyModel';
public function beforeSave() {
$this->data['MyModel']['name_seo'] = $this->seo_title($this->data['MyModel']['tutorial_name']);
return true;
}
public function seo_title($s) {
$c = array(' ');
$d = array('-', '/', '\\', ',', '.', '#', ':', ';', '\'', '"', '[', ']', '{', '}', ')', '(', '|', '`', '~', '!', '#', '%', '$', '^', '&', '*', '=', '?', '+');
$s = str_replace($d, '', $s);
$s = strtolower(str_replace($c, '-', $s));
return $s;
}
}
?>
or you can implement this function in App controller
public function seo_title($s) {
$c = array(' ');
$d = array('-', '/', '\\', ',', '.', '#', ':', ';', '\'', '"', '[', ']', '{', '}', ')', '(', '|', '`', '~', '!', '#', '%', '$', '^', '&', '*', '=', '?', '+');
$s = str_replace($d, '', $s);
$s = strtolower(str_replace($c, '-', $s));
return $s;
}
and in your controller you can set like this
$this->request->data['MyModel']['name_seo'] =
$this->seo_title($this->request->data['MyModel']['tutorial_name']);
This function already exist as Inflector::slug
I had my data called from db with words contained ' such as company's and some words display like company\\\\\'s, despite I had a function to replaced all those special characters into normal, but wording like company\'s is still around. Is there any proper way to replace all kind of special characters properly?
function chrEncode($data) {
$data = str_replace('’', ''' ,$data);
$data = str_replace('é', 'é' ,$data);
$data = str_replace('â€', '-' ,$data);
$data = str_replace('-œ', '"' ,$data);
$data = str_replace('“', '"' ,$data);
$data = str_replace('ê', 'ê' ,$data);
$data = str_replace('ö', 'ö' ,$data);
$data = str_replace('…', '...' ,$data);
$data = str_replace('-¦', '...' ,$data);
$data = str_replace('–', '–' ,$data);
$data = str_replace('′s', '’' ,$data);
$data = str_replace('-²s', '’' ,$data);
$data = str_replace('‘', ''' ,$data);
$data = str_replace('-˜', ''' ,$data);
$data = str_replace('-“', '-' ,$data);
$data = str_replace('è', 'è' ,$data);
$data = str_replace('(', '(' ,$data);
$data = str_replace(')', ')' ,$data);
$data = str_replace('•', '•' ,$data);
$data = str_replace('-¢', '•' ,$data);
$data = str_replace('§', '•' ,$data);
$data = str_replace('®', '®' ,$data);
$data = str_replace('â„¢', '™' ,$data);
$data = str_replace('ñ', 'ñ' ,$data);
$data = str_replace('Å‘s', 'ő' ,$data);
$data = str_replace('\\\"', '"' ,$data);
$data = str_replace("\r", '<br>' ,$data);
$data = str_replace("\\r", '<br>' ,$data);
$data = str_replace("\n", '<br>' ,$data);
$data = str_replace("\\n", '<br>' ,$data);
$data = str_replace("\\\'", ''' ,$data);
$data = str_replace("'", "'" ,$data);
return $data;
}
Please advise, thanks!
There is a inbuilt php function stripslashes
echo stripslashes($data);
You can remove all special character by using preg_replace like this:
preg_replace('/[^a-zA-Z0-9_ %\[\]\.\(\)%&-]/s', '', $String);
or only for slashes:
$str = 'h///e/ll\\o\\//\\';
str_replace(array('\\', '/'), '', $str); // output hello
Another solution:- create a clean function
function clean($string) {
$string = str_replace('', '-', $string); // Replaces all spaces with hyphens.
return preg_replace('/[^A-Za-z0-9\-]/', '', $string); // Removes special chars.
}
Usage:-
echo clean('a|"bc!#£de^&$f g');
Will output: abcdef-g
This are the special characters You need to escape them with extra backslash like this
str_replace("\\","", $data);
stripslashes is needed to get rid off the slashes...
$str = "Is your name O\'reilly?";
// Outputs: Is your name O'reilly?
echo stripslashes($str);
You can use mysql_real_escape_string() function when insert or update, and you will not have to replace special chars like ', quot, etc.