Page 1 of 1

How 2 avoid special characters from a string

Posted: Sat Jul 17, 2010 5:27 am
by nithinkk
i got a string rocks

$rocks=" With ( this one command, you can determine ) if the majority of the code has + been designed to rely on register globals. If grep yields a great number of matches, it’s likely that superglobals aren’t needed and can be safely disabled. On the other hand, - if the application is large and the command fails to return any or few | lines, you probably \have quite a/ bit for work to do to “mod- ernize” the program’s >input processing< mechanism."

How can i avoid special characters from a string ?

Re: How 2 avoid special characters from a string

Posted: Sat Jul 17, 2010 10:51 am
by Christopher
( You're ) post + does not \make/ much "sen-se".

You can use functions like str_replace(), preg_replace(), htmlentities(), htmlspecialchars() to remove/translate characters in strings.

Re: How 2 avoid special characters from a string

Posted: Sat Jul 17, 2010 1:35 pm
by AbraCadaver
Your string roxorz!

Re: How 2 avoid special characters from a string

Posted: Wed Jul 21, 2010 12:46 am
by nithinkk
Thanks a lot :-)
This is what i did :-)

// Cleaning the Strings before inserting to database
$rocks = preg_replace('/[^(\x20-\x7F)]*/','', $rocks);
$rocks = preg_replace('/[^a-zA-Z0-9-]/', ' ', $rocks);
$rocks = preg_replace('/^[-]+/', ' ', $rocks);
$rocks = preg_replace('/[-]+$/', ' ', $rocks);
$rocks = preg_replace('/[-]{2,}/', ' ', $rocks);

Re: How 2 avoid special characters from a string

Posted: Wed Jul 21, 2010 2:55 am
by Mordred
Wow, you're really afraid of that - sign, aren't you?

If you want to insert the string safely in a database, use the built-in database escape mechanism. For mysql, this would be mysql_real_escape_string()
Removing random characters from the string without understanding the problem is simply begging for trouble.

Re: How 2 avoid special characters from a string

Posted: Wed Jul 21, 2010 3:53 am
by nithinkk

Code: Select all

 mysql_real_escape_string($rocks)
[text] Does mysql escape string enough for security ????? [/text]

Re: How 2 avoid special characters from a string

Posted: Wed Jul 21, 2010 4:27 am
by Mordred

Code: Select all

$rocks = mysql_real_escape_string($rocks);
Does mysql escape string enough for security ?????
Almost. It is required, but not sufficient.

Re: How 2 avoid special characters from a string

Posted: Wed Jul 21, 2010 4:30 am
by nithinkk
[text]so can you tell me how to secure it properly !!! Actually that string is a feedback which is taken from user.....so i want to clean it before inserting it ....[/text]