  1. #1
    New Coder

    replacing multiple characters in a string

    I'm learning PHP and have a question...

    I want to remove some characters from form input. Using this:

    $comment = str_replace('example', 'Example', $comment);

    works great, but how would I replace more than one character or string? Would it be done with an array? I knew how to with Perl, but I can't find the equivalent in PHP.



    Also, for security purposes, would removing characters like ";<>&*~|#" from the form input be a good start in keeping my forms less open to sneaky coders? Maybe replacing those characters with the ISO character set numbers? This is for a guestbook-type page, so I feel that high security isn't that necessary for the file the input is being written to. I just don't want people to be able to screw around with other files via the form.

    Any tips?

  • #2
    Regular Coder ralph l mayo's Avatar
    You can do this with an array, by using something like
    $comment = str_replace(array('"', ';', '<', 'etc'), '', $comment);

    Most people would use a regular expression, which is kind of a can of worms in and of itself, but if you have a perl background it shouldn't be too bad:

    $comment = preg_replace('/[";<>&*~|#]/', '', $comment);

    Or, better in most cases for this purpose, use a negated character class:

    $comment = preg_replace('/[^a-z0-9]/i', '', $comment);

    which blanks everything that's not a letter (/i is the case insensitive switch) or a number

  • #3
    New Coder
    Ralph...

    Your bottom 2 examples look pretty familiar so I think I know what to do.

    Is there a difference in preg_replace and str_replace?

    Thanks for the response.

  • #4
    Regular Coder ralph l mayo's Avatar
    Yeah, str_replace only replaces a literal string, preg_replace allows regular expressions.

  • #5
    New Coder
    Thanks again for the info & link!

  • #6
    fci
    Senior Coder
    Quote Originally Posted by ralph l mayo
    Yeah, str_replace only replaces a literal string
    incorrect
    $phrase = "You should eat fruits, vegetables, and fiber every day.";
    $healthy = array("fruits", "vegetables", "fiber");
    $yummy = array("pizza", "beer", "ice cream");

    $newphrase = str_replace($healthy, $yummy, $phrase);
    although I would personally go with preg_replace..

  • #7
    New Coder
    fci,

    I had written this as a reg expression in Perl already, and it looks like it should work fine with a little modification. Thanks for clearing up the array method of replacing those.

  • #8
    Regular Coder ralph l mayo's Avatar
    Quote Originally Posted by fci
    incorrect
    If by incorrect you mean correct. That's an iterative replacement of string literals. Also, I included that method in my first post.

  • #9
    Super Moderator
    Quote Originally Posted by ralph l mayo
    If by incorrect you mean correct. That's an iterative replacement of string literals. Also, I included that method in my first post.

    ...and is much faster than preg_* , use str_replace where you can.

  • #10
    Regular Coder ralph l mayo's Avatar
    Quote Originally Posted by firepages
    ...and is much faster than preg_* , use str_replace where you can.
    True, if your web app is somehow bottlenecked by form validation. I stand by my recommendation of a negated regular expression character set, as default denial is more secure.
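
Added example, not part of the thread or written by any of its posters: the two filters from post #2 run side by side on constructed guestbook input, next to HTML-encoding the text at output time (the "replace with character codes" idea from post #1). The `keep_prose()` character set and all sample strings are assumptions made for illustration.

```php
<?php
// Denylist from post #2: removes only the characters someone thought to list.
function strip_denylist(string $s): string {
    return preg_replace('/[";<>&*~|#]/', '', $s);
}

// Allowlist from post #2: default deny, keeps only ASCII letters and digits.
// Note that it also removes spaces and all punctuation.
function keep_alnum(string $s): string {
    return preg_replace('/[^a-z0-9]/i', '', $s);
}

// Assumed variant: the same default-deny idea, widened for ordinary prose.
function keep_prose(string $s): string {
    return preg_replace('/[^a-z0-9 .,!?\'-]/i', '', $s);
}

// Encoding instead of deleting: the visitor's text is stored unchanged and
// made inert when it is written into an HTML page.
function encode_for_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample comments.
$samples = [
    "Great site, thanks!",
    "Tom & Jerry's page <3",   // markup characters plus an apostrophe
    "line one\nline two",      // newline: matters if the file is line-oriented
    "back`tick and 100%",      // characters the denylist never named
];

foreach ($samples as $s) {
    // json_encode() is used only to make newlines visible in the output.
    printf("input      : %s\n", json_encode($s));
    printf("  denylist : %s\n", json_encode(strip_denylist($s)));
    printf("  alnum    : %s\n", json_encode(keep_alnum($s)));
    printf("  prose    : %s\n", json_encode(keep_prose($s)));
    printf("  encoded  : %s\n\n", json_encode(encode_for_html($s)));
}
```

The denylist passes the apostrophe, backtick, percent sign and newline through untouched, while the strict allowlist turns "Great site, thanks!" into "Greatsitethanks"; encoding is the only one of the four that keeps the comment readable and still neutralises the markup characters.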

