Replace characters

I got the following php code that will take only numbers and letters but what I want to do is replace characters like !@#$%^&*)) with the HTML equivalent

Look at the following ASCII table

http://www.asciitable.com/


eregi_replace('[^a-z0-9 ]', '', $string);

Open in new window

stargateatlantisAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cornelia YoderArtistCommented:
htmlentities() does exactly this.

http://us.php.net/manual/en/function.htmlentities.php
0
Ray PaseurCommented:
Be aware, however, that if you use htmlentities() then use the REGEX you posted above, you will mung your string.  And if you use the REGEX first, then use htmlentities, you'll have deleted the special characters before you try to entitize them!  Palpably, a new approach is needed.

This combo might be helpful...

Best to all, ~Ray
<?php
$new = trim(ereg_replace('[^\' a-zA-Z0-9&!#$%()"+:?/@,_\.\-]', '', $string));
$new = htmlentities($new);

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cornelia YoderArtistCommented:
You won't need ereg at all, just use htmlentities().

$newstring = htmlentities($string, ENT_QUOTES);
0
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Ray PaseurCommented:
@Yodercm: Agreed, but the asker is self-identified as a beginner, and I think it's nice to help beginners avoid putting < > or ; into their data base.  Can help avoid a lot of damage later!

;-)

Ray
0
Cornelia YoderArtistCommented:
I understand, but htmlentites will convert all those tags and special characters, including < > and ; into &code equivalents.  That's the real power of it, so NO undesirable characters can ever get into the database.  You don't need preg type of changes at all.
0
Ray PaseurCommented:
I was thinking of the risk in this...
echo htmlentities('<SELECT * FROM MYTABLE WHERE 1; DROP TABLE MYTABLE');

Open in new window

0
Ray PaseurCommented:
However it's fair to say that SQL injection is beyond the scope of the question.

Over and out, ~Ray
0
Cornelia YoderArtistCommented:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '; DROP TABLE MYTABLE' at line 1

Actually, SQL injection is never beyond the scope of any question.  The point of htmlentities is to protect against it and other forms of hacking.
0
Ray PaseurCommented:
Hmm.  I think that left wicket before SELECT might be the syntax culprit.  We can still drop that poor table!
0
Cornelia YoderArtistCommented:
I tried it with the < and it gave a syntax error at the start.  Without the < I got the posted message showing a syntax error at the ;
0
stargateatlantisAuthor Commented:
Can you actually do it from a sql statment
0
Cornelia YoderArtistCommented:
You cannot convert the characters in a MySQL statement, but you can protect your database against hacking by using mysql_real_escape_string() in the query.

Your original question asked about converting special characters, but didn't say why you wanted to do that.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.