Replace characters

I got the following php code that will take only numbers and letters but what I want to do is replace characters like !@#$%^&*)) with the HTML equivalent

Look at the following ASCII table

http://www.asciitable.com/


eregi_replace('[^a-z0-9 ]', '', $string);

Open in new window

stargateatlantisAsked:
Who is Participating?
 
Ray PaseurConnect With a Mentor Commented:
Be aware, however, that if you use htmlentities() then use the REGEX you posted above, you will mung your string.  And if you use the REGEX first, then use htmlentities, you'll have deleted the special characters before you try to entitize them!  Palpably, a new approach is needed.

This combo might be helpful...

Best to all, ~Ray
<?php
$new = trim(ereg_replace('[^\' a-zA-Z0-9&!#$%()"+:?/@,_\.\-]', '', $string));
$new = htmlentities($new);

Open in new window

0
 
Cornelia YoderConnect With a Mentor ArtistCommented:
htmlentities() does exactly this.

http://us.php.net/manual/en/function.htmlentities.php
0
 
Cornelia YoderConnect With a Mentor ArtistCommented:
You won't need ereg at all, just use htmlentities().

$newstring = htmlentities($string, ENT_QUOTES);
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

 
Ray PaseurConnect With a Mentor Commented:
@Yodercm: Agreed, but the asker is self-identified as a beginner, and I think it's nice to help beginners avoid putting < > or ; into their data base.  Can help avoid a lot of damage later!

;-)

Ray
0
 
Cornelia YoderConnect With a Mentor ArtistCommented:
I understand, but htmlentites will convert all those tags and special characters, including < > and ; into &code equivalents.  That's the real power of it, so NO undesirable characters can ever get into the database.  You don't need preg type of changes at all.
0
 
Ray PaseurConnect With a Mentor Commented:
I was thinking of the risk in this...
echo htmlentities('<SELECT * FROM MYTABLE WHERE 1; DROP TABLE MYTABLE');

Open in new window

0
 
Ray PaseurConnect With a Mentor Commented:
However it's fair to say that SQL injection is beyond the scope of the question.

Over and out, ~Ray
0
 
Cornelia YoderConnect With a Mentor ArtistCommented:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '; DROP TABLE MYTABLE' at line 1

Actually, SQL injection is never beyond the scope of any question.  The point of htmlentities is to protect against it and other forms of hacking.
0
 
Ray PaseurConnect With a Mentor Commented:
Hmm.  I think that left wicket before SELECT might be the syntax culprit.  We can still drop that poor table!
0
 
Cornelia YoderConnect With a Mentor ArtistCommented:
I tried it with the < and it gave a syntax error at the start.  Without the < I got the posted message showing a syntax error at the ;
0
 
stargateatlantisAuthor Commented:
Can you actually do it from a sql statment
0
 
Cornelia YoderConnect With a Mentor ArtistCommented:
You cannot convert the characters in a MySQL statement, but you can protect your database against hacking by using mysql_real_escape_string() in the query.

Your original question asked about converting special characters, but didn't say why you wanted to do that.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.