View Full Version : testing for new line and tag characters in strings?

04-14-2012, 04:26 AM
Is this the best way to represent new line/(carriage return) and tab characters?

$_txtScreen = '+=()*&^%$#@!~\`"\'/<>|{}[]'."\n"."\r"."\t"."\n\r";

I want to screen for new lines and tabs in $_POST vars input.
I expect that they would only occur in input from textArea fields, normally.

Then escaping them properly is my problem. I assume they would be url encoded by the browser and url unencoded by php.

So testing I am using === to test equality and escaping
with '\'.(new line or tab char).'\'; as

if($_char === "\n")
$_char = "'\'".$char; // I want a literal representation here: \n, ideally

Alternative is to convert from functional representation to literal representation, but I am not sure how to do that. Or, maybe I don't
need to if is already rendered literal by php in the process of url unencode.

Thanks for time and attention.

04-14-2012, 07:53 PM
Comparative input would best be done using PHP_EOL constant. That should match the linefeed used by the OS, and should work with any explicit entry. It may not work properly with something from say a file, for which you should use a method that detects linefeeds like fgets or file.
You can pull the numeric representation of a char using ord(). chr() is the reverse, so \n would be reprsented as chr(10);.
As for patterns, pcre should have a linefeed which I believe is \v. I'm not 100% sure if this runs via the same concept as PHP_EOL or if it actually tries the combinations of \r and \n.

04-14-2012, 10:55 PM
The $_txtScreen variable is used in a loop testing each character in a
string against this value

if(strpos($_txtScreen, $_char[loop iterator]) > -1)
// the char is found in this list of characters
// add it to error accumulation string (so I want the literal version of \n of \n\r)

In the php manuals and various texts I have been using, it is suggested
to avoid using regex, as being slower than string processing functions.
So I am designing everything to avoid as much as possible, the use
of regex.