Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Help with stripslashes and preg_replace

Posted on 2007-04-09
14
660 Views
Last Modified: 2010-05-18
glcummins helped me with this earlier -- I needed to loop through all $_POST variables in order to trim() and addslashes() -- but I also need to remove all double quotes.  For some reason, adding preg_replace to this function doesn't work correctly.  The function escapes double-quotes even though I've removed them with the preg_replace first.

$myVars = array();
foreach($_POST as $field=>$value)
{
$myVars[$field] = preg_replace('/\"/','',$myVars[$field]);
$myVars[$field] = trim(addslashes($value));
print $myVars[$field]; // to test
}
0
Comment
Question by:marcparillo
  • 4
  • 3
  • 2
  • +3
14 Comments
 
LVL 29

Expert Comment

by:TeRReF
ID: 18878147
You don't need preg_replace for such a simple task, use str_replace()
$myVars[$field] = str_replace('"','',$myVars[$field]);

You should flip these lines:
$myVars[$field] = preg_replace('/\"/','',$myVars[$field]);
$myVars[$field] = trim(addslashes($value));

to

$myVars[$field] = trim(addslashes($value));
$myVars[$field] = preg_replace('/\"/','',$myVars[$field]);
0
 
LVL 29

Expert Comment

by:TeRReF
ID: 18878159
Oh, and add the str_replace()   :)

$myVars[$field] = trim(addslashes($value));
$myVars[$field] = str_replace('"','',$myVars[$field]);
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 18878161
Try removing them before the addslashes():

$myVars[$field] = str_replace('"','',$value);
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 15

Expert Comment

by:Tomeeboy
ID: 18878164
You're removing double quotes from $myVars[$field], but trimming and adding slashes to $value.  I think you have a variable mixup there :)
0
 
LVL 4

Expert Comment

by:secondv
ID: 18878167
Try:

$myVars = array();

foreach ($_POST AS $field => $value)
{
      $myVars[$field] = stripslashes($myVars[$field]);
      $myVars[$field] = str_replace('"', '', $myVars[$field]);
      $myVars[$field] = trim(addslashes($value));
      print $myVars[$field]; // to test
}
0
 
LVL 4

Expert Comment

by:secondv
ID: 18878171
dang, 3-4 posted at the same time =)
0
 
LVL 24

Accepted Solution

by:
glcummins earned 100 total points
ID: 18878179
Here is the problem:

$myVars[$field] = preg_replace('/\"/','',$myVars[$field]);
$myVars[$field] = trim(addslashes($value));

In the first line, you are settings the value of $myVars[$field] to the result of the preg_replace() function. However, on the second line, you are completely replacing that value with 'trim(addslashes($value))'. The end result is that the first line is completely ignored.

You can do something like this:

$value = preg_replace('/\"/','',$myVars[$field]);
$myVars[$field] = trim(addslashes($value));

That will ensure that the second line operates on the result of the first line, rather than overwritting those results.
0
 
LVL 15

Assisted Solution

by:Tomeeboy
Tomeeboy earned 100 total points
ID: 18878252
Geez what a mess :)

Everyone but glcummins and myself seemed to overlook the variable mixup, but I do agree that str_replace would be better to use here (although that is not the solution to your problem).  To hopefully save you some confusion after reading all of these responses.  Here's what you should have in the end:

$myVars = array();
foreach($_POST as $field=>$value) {
     $myVars[$field] = str_replace('"', '', $value);
     $myVars[$field] = trim(addslashes($myVars[$field]));
     print $myVars[$field]; // to test
}
0
 
LVL 3

Author Comment

by:marcparillo
ID: 18879222
Thank you very much!

As a follow-up question, is it possible to drop the foreach() into an include .php file that can be accessed from an page as a function?

I tried this -- but it didn't work:

//include.php
function trim_and_slash() {
global $POST;
$POST = array();
foreach($_POST as $field=>$value) {
     $POST[$field] = str_replace('"', '', $value);
     $POST[$field] = trim(addslashes($POST[$field]));

}
return $POST;
}
0
 
LVL 3

Author Comment

by:marcparillo
ID: 18879255
I think I figured it out -- is this the best way to handle it?

//php file
$POST = trim_and_slash($_POST);

//include file
function trim_and_slash($POST) {
global $POST;
$POST = array();
foreach($_POST as $field=>$value) {
     $POST[$field] = str_replace('"', '', $value);
     $POST[$field] = trim(addslashes($POST[$field]));

}
return $POST;
}
0
 
LVL 50

Assisted Solution

by:Steve Bink
Steve Bink earned 100 total points
ID: 18879381
That looks good.  Some minor adjustment, and you have a general function you can use for anything:

<?
// in library/include
function trim_and_slash($a = false) {
  if ($a === false) { return false; }
  if (!(is_array($a))) {
    $ret = trim(addslashes(str_replace('"','',(string)$a)));
  } else {
    $ret = array();
    foreach($a as $key=>$val) {
      $ret[$key] = trim(addslashes(str_replace('"', '', (string)$val)));
    }
  }
  return $ret;
}

// in php file
$POST = trim_and_slash($_POST);
?>
0
 
LVL 3

Author Comment

by:marcparillo
ID: 18879397
Thank you...
But what is the purpose of ($a = false)?    I've never seen a function written that way, with a boolean value as one of the incoming parameters.

0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 18879443
It provides $a with a default value should it not be passed in the function call.  I normally use it for error-checking or parameter validation.  For example:

$strip = trim_and_slash();  //$strip = false;
$strip = trim_and_slash("bur\"p'");  //$strip = "burp\'";
$strip = trim_and_slash(array(false, "bur\"p'"));  // $strip = array('0', "burp\'")

Note the last example show the value false returning '0'.  This is because of the forced-typing to string.  This also would allow me to detect a function failure:

$strip = trim_and_slash();
if ($strip === false) { error_log('AN ERROR!'); }

I guess a little unnecessary in this context, but I'm used to typing it now...hehehe
0
 
LVL 3

Author Comment

by:marcparillo
ID: 18886679
Excellent!
Thanks for everyone's help.
I'll split the points among the best, most complete answers.
$marc
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question