• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 679
  • Last Modified:

Help with stripslashes and preg_replace

glcummins helped me with this earlier -- I needed to loop through all $_POST variables in order to trim() and addslashes() -- but I also need to remove all double quotes.  For some reason, adding preg_replace to this function doesn't work correctly.  The function escapes double-quotes even though I've removed them with the preg_replace first.

$myVars = array();
foreach($_POST as $field=>$value)
{
$myVars[$field] = preg_replace('/\"/','',$myVars[$field]);
$myVars[$field] = trim(addslashes($value));
print $myVars[$field]; // to test
}
0
marcparillo
Asked:
marcparillo
  • 4
  • 3
  • 2
  • +3
3 Solutions
 
TeRReFCommented:
You don't need preg_replace for such a simple task, use str_replace()
$myVars[$field] = str_replace('"','',$myVars[$field]);

You should flip these lines:
$myVars[$field] = preg_replace('/\"/','',$myVars[$field]);
$myVars[$field] = trim(addslashes($value));

to

$myVars[$field] = trim(addslashes($value));
$myVars[$field] = preg_replace('/\"/','',$myVars[$field]);
0
 
TeRReFCommented:
Oh, and add the str_replace()   :)

$myVars[$field] = trim(addslashes($value));
$myVars[$field] = str_replace('"','',$myVars[$field]);
0
 
Steve BinkCommented:
Try removing them before the addslashes():

$myVars[$field] = str_replace('"','',$value);
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
TomeeboyCommented:
You're removing double quotes from $myVars[$field], but trimming and adding slashes to $value.  I think you have a variable mixup there :)
0
 
secondvCommented:
Try:

$myVars = array();

foreach ($_POST AS $field => $value)
{
      $myVars[$field] = stripslashes($myVars[$field]);
      $myVars[$field] = str_replace('"', '', $myVars[$field]);
      $myVars[$field] = trim(addslashes($value));
      print $myVars[$field]; // to test
}
0
 
secondvCommented:
dang, 3-4 posted at the same time =)
0
 
glcumminsCommented:
Here is the problem:

$myVars[$field] = preg_replace('/\"/','',$myVars[$field]);
$myVars[$field] = trim(addslashes($value));

In the first line, you are settings the value of $myVars[$field] to the result of the preg_replace() function. However, on the second line, you are completely replacing that value with 'trim(addslashes($value))'. The end result is that the first line is completely ignored.

You can do something like this:

$value = preg_replace('/\"/','',$myVars[$field]);
$myVars[$field] = trim(addslashes($value));

That will ensure that the second line operates on the result of the first line, rather than overwritting those results.
0
 
TomeeboyCommented:
Geez what a mess :)

Everyone but glcummins and myself seemed to overlook the variable mixup, but I do agree that str_replace would be better to use here (although that is not the solution to your problem).  To hopefully save you some confusion after reading all of these responses.  Here's what you should have in the end:

$myVars = array();
foreach($_POST as $field=>$value) {
     $myVars[$field] = str_replace('"', '', $value);
     $myVars[$field] = trim(addslashes($myVars[$field]));
     print $myVars[$field]; // to test
}
0
 
marcparilloAuthor Commented:
Thank you very much!

As a follow-up question, is it possible to drop the foreach() into an include .php file that can be accessed from an page as a function?

I tried this -- but it didn't work:

//include.php
function trim_and_slash() {
global $POST;
$POST = array();
foreach($_POST as $field=>$value) {
     $POST[$field] = str_replace('"', '', $value);
     $POST[$field] = trim(addslashes($POST[$field]));

}
return $POST;
}
0
 
marcparilloAuthor Commented:
I think I figured it out -- is this the best way to handle it?

//php file
$POST = trim_and_slash($_POST);

//include file
function trim_and_slash($POST) {
global $POST;
$POST = array();
foreach($_POST as $field=>$value) {
     $POST[$field] = str_replace('"', '', $value);
     $POST[$field] = trim(addslashes($POST[$field]));

}
return $POST;
}
0
 
Steve BinkCommented:
That looks good.  Some minor adjustment, and you have a general function you can use for anything:

<?
// in library/include
function trim_and_slash($a = false) {
  if ($a === false) { return false; }
  if (!(is_array($a))) {
    $ret = trim(addslashes(str_replace('"','',(string)$a)));
  } else {
    $ret = array();
    foreach($a as $key=>$val) {
      $ret[$key] = trim(addslashes(str_replace('"', '', (string)$val)));
    }
  }
  return $ret;
}

// in php file
$POST = trim_and_slash($_POST);
?>
0
 
marcparilloAuthor Commented:
Thank you...
But what is the purpose of ($a = false)?    I've never seen a function written that way, with a boolean value as one of the incoming parameters.

0
 
Steve BinkCommented:
It provides $a with a default value should it not be passed in the function call.  I normally use it for error-checking or parameter validation.  For example:

$strip = trim_and_slash();  //$strip = false;
$strip = trim_and_slash("bur\"p'");  //$strip = "burp\'";
$strip = trim_and_slash(array(false, "bur\"p'"));  // $strip = array('0', "burp\'")

Note the last example show the value false returning '0'.  This is because of the forced-typing to string.  This also would allow me to detect a function failure:

$strip = trim_and_slash();
if ($strip === false) { error_log('AN ERROR!'); }

I guess a little unnecessary in this context, but I'm used to typing it now...hehehe
0
 
marcparilloAuthor Commented:
Excellent!
Thanks for everyone's help.
I'll split the points among the best, most complete answers.
$marc
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 4
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now