Jump to content

Recommended Posts

I'm looking for a way to convert a string into ascii number codes. I have the list of conversion words in an array, the problems lies in that each iteration through the array, is starting from the beginning of the array, and appending the next element in the array onto the end.

 

i.e; the below is producing this:

TEstABcDE12345678910

TEstABcDE12345678910TeshgaGDasf#1345

 

$string=array("TEstABcDE12345678910", "TeshgaGDasf#1345");
$asciiString="";
foreach($string as $string2){

for($i = 0; $i != strlen($string2); $i++)
{

	 $asciiString .= "&#".ord($string2[$i]).";";

}

$asciiCode = str_replace("&", "&", $asciiString);

echo $asciiString."<br />";

}

 

How would I make it so that it only converts each array element individually. I also need to some how add a preg_match to this as well.

 

The idea would be to have the array contain a list of "forbidden words" (javascript, alert, style, among others), and then to convert those forbidden words into their ASCII code equivalents.

 

This is an attempt to go above and beyond htmlentities for XSS prevention.

Link to comment
https://forums.phpfreaks.com/topic/263869-convert-string-to-ascii-code/
Share on other sites

I think I got it working with this:

$words = array('TEstABcDE12345678910', 'TeshgaGDasf#1345');

$ascii = '';
foreach($words as $word)
{
$index = 0;
while($index < strlen($word)) {
	$ascii .= ord($word[$index]);
	$index++;
}

echo $ascii . '<br />';
}

 

However as an XSS prevention technique, I have my doubts. In my opinion, either use htmlentities() or htmlspecialchars() if you do not want to preserve HTML, or use HTML Purifier if you do want to preserve HTML.

That's unfortunately returning the same thing:

 

TEstABcDE12345678910

TEstABcDE12345678910TeshgaGDasf#1345

 

<?php
error_reporting(E_ALL);
$words = array('TEstABcDE12345678910', 'TeshgaGDasf#1345');

$ascii = '';
foreach($words as $word)
{
$index = 0;
while($index < strlen($word)) {
	$ascii .= "&#".ord($word[$index]).";";
	$index++;
}

echo $ascii . '<br />';
}
?>

 

 

 

As far as using htmlentities; I still plan too. This is just to go a step further and remove words that could be used in an attack.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.