mat3000000 Posted August 14, 2011 Share Posted August 14, 2011 I need a way of just replacing those three characters (",',\,/) with nothing, any ideas? Link to comment https://forums.phpfreaks.com/topic/244749-preg_replace-help-replace-and/ Share on other sites More sharing options...
MasterACE14 Posted August 14, 2011 Share Posted August 14, 2011 str_replace() Link to comment https://forums.phpfreaks.com/topic/244749-preg_replace-help-replace-and/#findComment-1257084 Share on other sites More sharing options...
mat3000000 Posted August 14, 2011 Author Share Posted August 14, 2011 I have tried this but I only want to do this on a single string with, ideally, one function and the quotes just close the parameter in the function, resulting in errors? Link to comment https://forums.phpfreaks.com/topic/244749-preg_replace-help-replace-and/#findComment-1257118 Share on other sites More sharing options...
void Posted August 14, 2011 Share Posted August 14, 2011 escape them with \ Link to comment https://forums.phpfreaks.com/topic/244749-preg_replace-help-replace-and/#findComment-1257122 Share on other sites More sharing options...
mat3000000 Posted August 14, 2011 Author Share Posted August 14, 2011 I have no experience with the preg_ function, so could you show me how I would amend this: $q = preg_replace("/[????]/","",$str); Please could you explain what you are putting in there, or give me a link to a site which takes you through the syntax. Thanks in advance Link to comment https://forums.phpfreaks.com/topic/244749-preg_replace-help-replace-and/#findComment-1257145 Share on other sites More sharing options...
AbraCadaver Posted August 14, 2011 Share Posted August 14, 2011 Try: $string = preg_replace('#["\'\\\/]#', '', $string); Link to comment https://forums.phpfreaks.com/topic/244749-preg_replace-help-replace-and/#findComment-1257148 Share on other sites More sharing options...
mat3000000 Posted August 14, 2011 Author Share Posted August 14, 2011 Thanks, thats what I wanted Link to comment https://forums.phpfreaks.com/topic/244749-preg_replace-help-replace-and/#findComment-1257150 Share on other sites More sharing options...
mat3000000 Posted August 25, 2011 Author Share Posted August 25, 2011 Just a quick question to add to this... I was using this along with the mysql_escape_string() function. Is this necessary because surely mysql injection can not occur without any of those characters??? Link to comment https://forums.phpfreaks.com/topic/244749-preg_replace-help-replace-and/#findComment-1261799 Share on other sites More sharing options...
skwap Posted August 25, 2011 Share Posted August 25, 2011 Just a quick question to add to this... I was using this along with the mysql_escape_string() function. Is this necessary because surely mysql injection can not occur without any of those characters??? yes its necessary when you insert data into your sql table. If you deals with forms & you should escape the string. :-* Link to comment https://forums.phpfreaks.com/topic/244749-preg_replace-help-replace-and/#findComment-1261806 Share on other sites More sharing options...
Pikachu2000 Posted August 25, 2011 Share Posted August 25, 2011 If you're goal is to sanitize a string for use in a DB query, you don't need to remove those (or any other) characters. That's what mysql_real_escape_string() is for. Link to comment https://forums.phpfreaks.com/topic/244749-preg_replace-help-replace-and/#findComment-1261825 Share on other sites More sharing options...
mat3000000 Posted August 27, 2011 Author Share Posted August 27, 2011 Right, so how would you suggest I do what I want to do:- I have a form where user inputs data to DB. When user logs in, they can view all their info. If I use mysql_real_escape() then all the apostrophes end up with a slash before them? Link to comment https://forums.phpfreaks.com/topic/244749-preg_replace-help-replace-and/#findComment-1262684 Share on other sites More sharing options...
Pikachu2000 Posted August 27, 2011 Share Posted August 27, 2011 The your server is probably configured with magic_quotes_gpc() set to ON in your php.ini file. You would either need to set it to off, or check for magic_quotes_gpc() when escaping string data, and if it's ON, run stripslashes() on the data. if( get_magic_quotes_gpc() ) { $data = stripslashes($data); } $data = mysql_real_escape_string($data); Link to comment https://forums.phpfreaks.com/topic/244749-preg_replace-help-replace-and/#findComment-1262692 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.