replace double quotes with single quotes in a string - php

I know this sounds simple, and probably is, but I can't seem to get this working. Just want to replace all occurrences of a double quote with a single quote... tried this but it doesn't work:
$con = str_replace("\"", "'", $content);

Or:
$con = str_replace(chr(34), chr(39), $content);

What you do is correct and should work. If it doesn't, then you may only SEE double quotes, but in reality these are other characters. Possible is html &quot; character rendered as ". There are also several chars very similar to double quotes. They 'happen' especially when pasting text from Word or OpenOffice. You'll include all possibilities in str_replace (it can take arrays of strings as parameters).

I had the same problem with input from a form.
I used &quot; for my search string and it worked great.
$con = str_replace("&quot;", "'", $content);

Related

PHP ["XSS" injection] using str_replace vs null character (\0), i.e java\0script:alert(\"XSS\")

About 2 of some of the Websites we did got hacked. We spent hours trying to see what went wrong. The loophole was the str_replace vs \0 the [Null Char] .
While using str_replace with Single Quotes ['].
Something like:
$str = 'java\0scr\0ip\0t:alert(\"XSS\")';
$clean_null_chars = str_replace('\\0','_[_blabla_]_',$str);
//Show the cleaned version
var_dump($clean_null_chars); // string 'java_[_blabla_]_scr_[_blabla_]_ip_[_blabla_]_t:alert(\"XSS\")' (length=62);
echo $clean_null_chars; //java_[_blabla_]_scr_[_blabla_]_ip_[_blabla_]_t:alert(\"XSS\")
However, using str_replace with Double Quotes ["], Nothing happens
Something like:
$str= "java\0scr\0ip\0t:alert(\"XSS\")";
$clean_null_chars = str_replace('\\0','_[_blabla_]_',$str);
//Show the cleaned version
var_dump($clean_null_chars); //string 'java�scr�ip�t:alert("XSS")' (length=26);
// ....[Notice the _Null Char_ rendered as question marks in var_dump]
echo $clean_null_chars;// javascript:alert("XSS")
Thus some genius managed to abuse the loophole.
Is this a normal behavior for str_replace when either Single Quotes or Double Quotes are involved?
here http://php.net/manual/en/function.str-replace.php they use both ['] and ["] no mention of different behaviors.
Any Ideas??
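The difference comes from PHP string literals, not from str_replace: in single quotes `\0` is the two characters backslash and zero, while in double quotes `\0` is an octal escape for one NUL byte, so the needle `'\\0'` never matches it. The following is an added example, not code from the original post; `sanitize_href()` is a hypothetical helper that assumes only absolute http(s) links are acceptable.

```php
<?php
// Added example, not from the original post.

$literal = 'java\0script:alert("XSS")';    // single quotes: backslash + "0", no NUL byte
$nul     = "java\0script:alert(\"XSS\")";  // double quotes: \0 is one 0x00 byte

// '\\0' is the two characters "\" and "0", so it can only match $literal.
var_dump(str_replace('\\0', '_', $literal));
var_dump(str_replace('\\0', '_', $nul) === $nul);

// "\0" (or chr(0)) is the NUL byte itself.
var_dump(str_replace("\0", '_', $nul));

// Hypothetical helper: instead of blacklisting one needle, remove all
// control characters, then accept only an allowlisted scheme.
function sanitize_href(string $url): ?string
{
    // Drop every ASCII control character, NUL included.
    $url = trim((string) preg_replace('/[\x00-\x1F\x7F]/', '', $url));

    // Anything that is not an absolute http(s) URL is rejected, not repaired.
    if (!preg_match('#^https?://#i', $url)) {
        return null;
    }

    // Encode for use inside an HTML attribute.
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: the two strings above plus one acceptable URL.
foreach ([$literal, $nul, "https://example.com/?q=\"a\""] as $candidate) {
    var_dump(sanitize_href($candidate));
}
```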

Character encoding in PHP not working for double quotes

I have a PHP script which reads some input and saves it in the database. The input could have single or double quotes. I am changing the quotes to their ISO Latin-1 codes to avoid problems with escaping. For single quotes, my code is:
$str = str_replace("'", "'", $str);
With this code, if the input is "Jack's book", it is being correctly saved in the database as Jack's (code in place of ') book. But when I do this with double quotes:
$str = str_replace("\"", """, $str);
nothing gets saved in the database at all. Can anyone tell me why?
Did you try
$str = str_replace('"', """, $str);
to do the job? (double-quote in single-quotes)

json_encode() Not Escaping Double Commas in Certain Situations

Here's a fiddle demonstrating the problem: http://phpfiddle.org/lite/code/hd0t-ebjr
<?php
require "simple_html_dom.php";
$html = file_get_html("https://play.google.com/store/apps/details?id=com.vlambeer.RidiculousFishing&hl=en");
$test = $html->find('.id-app-orig-desc', 0)->innertext;
$data = [
'test' => $test
];
die(var_dump(json_encode($data)));
?>
Scroll down and you'll notice that all the double quotes are not escaped correctly. Although other characters are ("/" for example).
The weird thing is, that I can't seem to reproduce it when copying the test string into the php code. Only when loading it from the url.
Any idea what could be happening here?
These double quotes are not really double quotes. They are just entity html, ", no need to escape it.

PHP MySQLi escape quotes

I am using PHP/mysqli to read in comments, but various comments in the table have either a single quote or a double quote.
I am storing the comments in a data-attribute. Using the Chrome console, I can see where the quote is throwing the whole code out of whack.
<?php
echo "<td><a href='' class='comment' data-toggle='modal' data-comment='".htmlentities($row['comment'])."'>" . $row['partner_name'] . "</a></td>";
?>
As you can see in the code above, I tried to use htmlentities. I also tried addslashes and a combination of the two.
Either way, I still can't get the comment to display properly because of the quote inside the mysql table.
Is there another PHP function that I can use to fix this?
Directly above is a screen shot from the Chrome console. Right after the words POTENTIAL 53 there is a single quote that is throwing my code off. All the other orange text is being read as HTML when it's supposed to be part of the comment.
There has to be a way to read the single quote as part of the string.
Pass the flag, ENT_QUOTES, to your htmlentities function. See http://php.net/htmlentities. This will replace quotes with entified quote and prevent it from breaking out of the data-comment attribute.
Well, there are two problems:
You have to encode stuff, especially quotes:
$text = htmlentities($value, ENT_QUOTES);
The title attribute does not work with newlines, so you will have to deal with that. Something like this should do the job:
$text = preg_replace('/\r?\n/', '&#xA;', $text);
Try escaping the quotes in your data. Something to this effect:
$pattern = "/\"|\'/";
$replace = '\\\"';
$subject = $row['comment'];
$rowComment = preg_filter($pattern, $replace, $subject);
*Tip - You can also filter the data before storing it.
Description: echo $rowComment will produce a string with all quotes escaped;
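The ENT_QUOTES advice above, shown side by side with the weaker flag. This is an added example, not code from the original thread; `$row` is constructed sample data standing in for a mysqli result row, and `e()` and `comment_cell()` are hypothetical helpers. Before PHP 8.1 the default flag was ENT_COMPAT, which is why the flag is passed explicitly.

```php
<?php
// Added example; $row is constructed sample data, not from the original thread.
$row = [
    'comment'      => "POTENTIAL 53' follow up with \"Bob\" & team",
    'partner_name' => 'Smith & <Sons>',
];

// ENT_COMPAT encodes " but leaves ' alone, so inside data-comment='...'
// the raw single quote ends the attribute and the rest is parsed as markup.
$weak = htmlentities($row['comment'], ENT_COMPAT, 'UTF-8');

// ENT_QUOTES encodes both quote characters, so the value stays inside the
// attribute whichever quote style delimits it.
$safe = htmlentities($row['comment'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Hypothetical helper: one encoder for every value written into HTML.
function e(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: builds the table cell with both the attribute value
// and the link text encoded.
function comment_cell(array $row): string
{
    return sprintf(
        '<td><a href="" class="comment" data-toggle="modal" data-comment="%s">%s</a></td>',
        e($row['comment']),
        e($row['partner_name'])
    );
}

echo $weak, "\n";
echo $safe, "\n";
echo comment_cell($row), "\n";
```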

Strip out all single quotes

I am looking for the best way to strip single quotes as it keeps breaking my important.
so
The image’s emotiveness enables
only comes through as
The image
It breaks at the single quote '. I need a good way to strip out the tags, can someone help?
I have looked at stripslashes();
Whats the best way function to stripout , - £
any help please.
MANAGED TO FIX IT>
Thank you for your help people, I managed to fix it using the following function.
string utf8_encode ( string $data )
Can't figure out why it was coming out in that format from the database, all I can think is it is a 6 years old website.
;)
I'm not 100% certain because PHP isn't my forte, but I think you need to look at something like urlencode(). This will encode all the special characters properly.
Note: This will remove all single quotes!
str_replace("'", "", $your_string);
example:
$your_string = "The image’s emotiveness enables.";
echo str_replace("'", "", $your_string);
output
The images emotiveness enables.
If you want to keep single quotes in string you should consider using real escape functions (recommended).
It sounds like what you really want is to encode the single quotes, not remove them. On the assumption that you are inserting into the MySQL database, look into mysql_real_escape_string.
The best way to get rid of specific characters is using str_replace.
To remove all single quotes from a string:
$noQuotes = str_replace("'", '', $stringWithQuotes);
There are several ways, depending on what you are doing.
You could use addslashes to escape all single / double quotes. You can unescape it with stripslashes later.
If you are planning on saving those data into MySQL database, you should use mysql_real_escape_string.
If you want to output data on HTML page, use htmlspecialchars to convert all special characters into HTML entities.
The next way is to use str_replace to remove all quotes, as few other people in this thread already mentioned.
