Page 1 of 1
How 2 avoid special characters from a string
Posted: Sat Jul 17, 2010 5:27 am
by nithinkk
i got a string rocks
$rocks=" With ( this one command, you can determine ) if the majority of the code has + been designed to rely on register globals. If grep yields a great number of matches, it’s likely that superglobals aren’t needed and can be safely disabled. On the other hand, - if the application is large and the command fails to return any or few | lines, you probably \have quite a/ bit for work to do to “mod- ernize” the program’s >input processing< mechanism."
How can i avoid special characters from a string ?
Re: How 2 avoid special characters from a string
Posted: Sat Jul 17, 2010 10:51 am
by Christopher
( You're ) post + does not \make/ much "sen-se".
You can use functions like str_replace(), preg_replace(), htmlentities(), htmlspecialchars() to remove/translate characters in strings.
Re: How 2 avoid special characters from a string
Posted: Sat Jul 17, 2010 1:35 pm
by AbraCadaver
Your string roxorz!
Re: How 2 avoid special characters from a string
Posted: Wed Jul 21, 2010 12:46 am
by nithinkk
Thanks a lot
This is what i did
// Cleaning the Strings before inserting to database
$rocks = preg_replace('/[^(\x20-\x7F)]*/','', $rocks);
$rocks = preg_replace('/[^a-zA-Z0-9-]/', ' ', $rocks);
$rocks = preg_replace('/^[-]+/', ' ', $rocks);
$rocks = preg_replace('/[-]+$/', ' ', $rocks);
$rocks = preg_replace('/[-]{2,}/', ' ', $rocks);
Re: How 2 avoid special characters from a string
Posted: Wed Jul 21, 2010 2:55 am
by Mordred
Wow, you're really afraid of that - sign, aren't you?
If you want to insert the string safely in a database, use the built-in database escape mechanism. For mysql, this would be mysql_real_escape_string()
Removing random characters from the string without understanding the problem is simply begging for trouble.
Re: How 2 avoid special characters from a string
Posted: Wed Jul 21, 2010 3:53 am
by nithinkk
[text] Does mysql escape string enough for security ????? [/text]
Re: How 2 avoid special characters from a string
Posted: Wed Jul 21, 2010 4:27 am
by Mordred
Code: Select all
$rocks = mysql_real_escape_string($rocks);
Does mysql escape string enough for security ?????
Almost. It is required, but not sufficient.
Re: How 2 avoid special characters from a string
Posted: Wed Jul 21, 2010 4:30 am
by nithinkk
[text]so can you tell me how to secure it properly !!! Actually that string is a feedback which is taken from user.....so i want to clean it before inserting it ....[/text]