monkeytooth Posted January 10, 2010

I am thinking str_replace is my only option to filter outputs from my database to convert them to safe URL variables. I am working with a database with over 4 million records, and apparently when the database was created no one thought about database safety, or site safety, or, I don't think, much in general. So that said, in the database I have characters like & ' " etc., stuff that most people will sanitize in one way, shape or form and store as such. I guess with this post I am trying to find out what are the most important characters, such as the above mentioned, that I should attempt to filter out, or filter differently.

I am also using some of these variables within URLs, so it's important that I can pass them through URL variables. The URLs are being phased in 2 ways: one, your standard long URL (i.e. index.php?a=var&b=var&c=var), and then a more SEO-friendly version, /a/var/b/var/. In either event I can't have ' " & and others in the URLs; they just don't work. For other reasons I can't have them just output in the code. So whatever characters I need to filter out, and what I should filter them out as, as in what would you suggest to phase them as? Anything that could break code, or not work in a URL, I need to know. Also, if anyone knows a better way to do it than str_replace("&", "What to replace"); I'll take advice there too :-)

trq Posted January 10, 2010

You might want to take a look at url_encode.

redarrow Posted January 10, 2010

You need to look up mod rewrite and rewrite the URLs as safe URLs.

JAY6390 Posted January 10, 2010

If you're looking to replace all the bad characters, I'd suggest using a regex to quickly remove all the bad characters:

$text = preg_replace('%[&!"\']%', '', $text);

This will remove all the characters inside the [ ] (except for the \ which is there to escape the ' inside the quotes).

redarrow Posted January 10, 2010

preg_replace will destroy the whole code, innit? If you use preg_replace then the URLs will all be wrong, won't they?

monkeytooth Posted January 10, 2010

Well, the URLs, well, all the vars, in script or otherwise, are all built through the output of the database. I have already done mod rewrite with htaccess for the URLs; that's not the issue, I have that working fine. It's just that the outputs/vars are created via a database that was never fully sanitized when it was built up, and it has 4 million+ records in it, many of which contain bad characters for URLs or even for passing through some PHP. It's not entirely feasible to fix it on the database side. I mean it is; I am going to create a function that will sanitize these areas as they are found. But first I need to, one, figure out what would be a bad character, outside the ones I know to be bad, that can break PHP/HTML or break a URL. By break I mean either end the code prematurely, or make URLs not interpret properly as variables are passed through.

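As an added example (not code from any poster in this thread): instead of stripping characters with str_replace or preg_replace, each value can be encoded for the context it lands in, percent-encoded when placed in either URL form and HTML-escaped when printed. The function names and sample rows are constructed for illustration, and PHP 7 or later is assumed.

```php
<?php
// Added example, not code from the thread. Sample values are constructed.

// Long form: index.php?a=var&b=var&c=var
function long_url(string $script, array $params): string
{
    // http_build_query() percent-encodes every key and value;
    // PHP_QUERY_RFC3986 encodes a space as %20 rather than +.
    return $script . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Rewritten form: /a/var/b/var/
function seo_url(array $params): string
{
    $url = '/';
    foreach ($params as $key => $value) {
        // rawurlencode() turns & ' " / ? # and spaces into %XX, so a value
        // cannot add a path segment or start a query string.
        $url .= rawurlencode((string) $key) . '/' . rawurlencode((string) $value) . '/';
    }
    return $url;
}

// Escape any string (including a finished URL) for HTML text or attributes.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed rows standing in for unsanitized database output.
$rows = [
    ['a' => 'Tom & Jerry', 'b' => "O'Brien", 'c' => 'say "hi"'],
    ['a' => 'AC/DC', 'b' => '50% off?', 'c' => 'x=1#top'],
];

foreach ($rows as $row) {
    $long = long_url('index.php', $row);
    $seo  = seo_url($row);
    echo '<a href="' . html($long) . '">' . html($row['a']) . "</a>\n";
    echo '<a href="' . html($seo) . '">' . html($row['a']) . "</a>\n";
    // The receiving script gets the stored value back unchanged.
    parse_str(parse_url($long, PHP_URL_QUERY), $decoded);
    echo ($decoded === $row ? 'round-trip ok' : 'round-trip FAILED') . "\n";
}
```

Because the values are encoded rather than deleted, nothing in the 4 million stored records has to change. Apache rejects %2F inside a path by default (AllowEncodedSlashes Off), so a value containing / is safer in the query-string form.
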
Archived
This topic is now archived and is closed to further replies.