slash / \ syntax

[dsaba]

i'm trying to write a script that keeps people from posting any kind of html/javascript/mysql statements

 

so first I take care of people trying to post html or javascript code that does not look like html or javascript

 

I translate anything that might be html into html or javascript with this

$string = html_entity_decode($string);

 

now once everything looks like <script>  I want to remove those tags and other characters

$string = preg_replace($pattern, "", $string);

 

 

I put what I want to remove in an array called $pattern, the problem I have is I know what I want to remove i want to remove: <, >, /, \, ', `, "

-all those characters, i want those to be in my pattern array

 

$pattern[0] = "/</";

$pattern[1] = "/>/";

$pattern[2] = "///";

$pattern[3] = "/\/";

$pattern[4] = "/"/";

$pattern[5] = "\'\";

$pattern[6] = "`";

 

thats what I got so far, but i'm confused as hell as how to write that in the array, with the slashes...

 

here's the full code all together:

$pattern[0] = "/</";
$pattern[1] = "/>/";
$pattern[2] = "///";
$pattern[3] = "/\/";
$pattern[4] = "/"/";
$pattern[5] = "\'\";
$pattern[6] = "`";

$string = "A 'quote' is <b>bold</b&gt";
echo "this is before i filter";
echo $string;
$string = html_entity_decode($string);
$string = preg_replace($pattern, "", $string);
echo "this is after i filter";
echo $string;

 

 

the problem is i get all kinds of errors like:

this is before i filterA 'quote' is <b>bold</b>

Warning: preg_replace(): No ending matching delimiter '>' found in  on line 29

 

Warning: preg_replace(): No ending delimiter '>' found in  on line 29

 

Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in  on line 29

 

Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in  on line 29

 

Warning: preg_replace(): No ending delimiter '"' found  on line 29

 

Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in / on line 29

 

Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in  on line 29

this is after i filterA 'quote' is bold</b>

 

 

so how can I fix my pattern array to take the symbols i listed above out of the string?

 

[effigy]

Have you tried strip_tags?

 

The better approach is to only array your patterns--not the delimiters, then add them later after quoting the pattern, like so:

 

'/' . preg_quote($pattern, '/') . '/'

[dsaba]

i want to array my delimiters because i want to remove all of those characters at the same time

 

i dont see how arraying different patterns would help me?

 

could you tell me how to write that i want all those characters removed in an array called $pattern

 

thats my problem

[dsaba]

i dont understand what you mean effigy, maybe you could give me an example with the information i supplied earlier? thanks

[effigy]

If you're only replacing one character at a time, str_replace would be the better method.

 

<pre>
<?php
$string = 'a<b>c/d\\';
$chars = array('<', '>', '/', '\\');
foreach ($chars as $char) {
	echo "<b>Removing '$char'...</b><br>";
	echo $string = preg_replace('/' . preg_quote($char, '/') . '/', '', $string);
	echo '<br>';
}
?> 
</pre>

[dsaba]

ok i understand that code except for the part where

 

you mention $chars as $char

 

nowhere do I see the variable $char mentioned..

 

what does that statement mean?

 

(yes i tried the code out it works, but i need to know why in order to use it)

 

thanks again

[wildteen88]

$char is created form the foreach loop. It holds the value of each item in the array. Read up on foreach in order to understand what is going on.

 

It basically holds the value of the item the array pointer is at. So on the first loop $char will hold '<' as the value, the second loop it will hold '>' and so on through out the array.