String Theory - Working The Web
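PHP also comes with a bunch of functions constructed specially for Web development. The first of these is the very cool addslashes() function, which automatically escapes special characters in strings (single quotes, double quotes, backslashes and NUL bytes) by putting a backslash in front of each one. You should make it a point to run this function on your variables prior to inserting them into a database (or any other application that has trouble with special characters). Keep in mind that addslashes() knows nothing about the database's own quoting rules or character set, so where the database extension offers prepared statements or its own escaping function, those are the safer choice against SQL injection.
<?php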
$str = <<<EOF
When Nicholas "Oz" Oseransky (Matthew Perry) goes over to introduce himself
to his new neighbour, he's surprised to recognize notorious mob hit-man,
Jimmy "The Tulip" Tudeski (Bruce Willis), currently in hiding after
squealing on the Gogolack mob "family" in Chicago.
EOF;
// returns a string with all special characters escaped
/*
When Nicholas \"Oz\" Oseransky (Matthew Perry) goes over to introduce
himself to his new neighbour, he\'s surprised to recognize notorious mob
hit-man, Jimmy \"The Tulip\" Tudeski (Bruce Willis), currently in hiding
after squealing on the Gogolack mob \"family\" in Chicago.
*/
echo addslashes($str);
?>
You can reverse the process with the stripslashes() function, which removes all the backslashes and returns a "clean" string.
The htmlentities() and htmlspecialchars() functions automatically convert special symbols (like < and >) into their corresponding HTML representations (&lt; and &gt;). Similarly, the nl2br() function automatically inserts the HTML line break tag (<br />) before each newline in a string.
<?php
$str = "if (x < 5 && y > 8) \n { \n self_destruct() \n } \n";
// returns "if (x &lt; 5 &amp;&amp; y &gt; 8) <br /> { <br /> self_destruct() <br /> } <br />"
// (each <br /> is followed by the original newline)
echo nl2br(htmlentities($str));
?>
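The strip_tags() function works in the opposite manner, finding and removing all HTML and PHP tags that may be embedded within the string. It does not escape quotes or ampersands, so text that ends up in an HTML page should still go through htmlspecialchars().
<?php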
$str = "<table><tr><td>Name</td><td>Price</td></tr></table>";
// returns "NamePrice"
echo strip_tags($str);
?>
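An added example, not part of the original article: the addslashes() advice for database inserts compared with a prepared statement, followed by escaping at output time with htmlspecialchars(). It assumes PHP 7 or later with the pdo_sqlite extension; the table name synopsis, the two helper functions and the sample string are constructed for illustration.

```php
<?php
// Constructed sample text, modelled on the article's string.
$str = 'Jimmy "The Tulip" Tudeski says he\'s in hiding.';

// In-memory SQLite database so the script runs offline (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE synopsis (id INTEGER PRIMARY KEY, body TEXT)');

// 1. addslashes() plus string concatenation. SQLite escapes a quote by
//    doubling it (''), not with a backslash, so \' still ends the literal
//    and the statement no longer parses.
function insert_with_addslashes(PDO $db, string $text): string
{
    $sql = "INSERT INTO synopsis (body) VALUES ('" . addslashes($text) . "')";
    try {
        $db->exec($sql);
        return 'stored';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// 2. Prepared statement: the value travels separately from the SQL text,
//    so the database's quoting rules never come into play.
function insert_with_placeholder(PDO $db, string $text): string
{
    $stmt = $db->prepare('INSERT INTO synopsis (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
    return 'stored';
}

echo 'addslashes:  ', insert_with_addslashes($db, $str), "\n";
echo 'placeholder: ', insert_with_placeholder($db, $str), "\n";

// Read the stored row back and compare it with the input.
$stored = $db->query('SELECT body FROM synopsis')->fetchColumn();
var_dump($stored === $str);

// Escape when writing into HTML, with quotes included for attribute contexts.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```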
And that's about all I have. I hope you enjoyed this article, and that it offered you some insight into the massive amount of string processing power at your disposal in PHP4.
For more information on any of the functions listed here, take a look at the PHP manual page on strings at http://www.php.net/manual/en/ref.strings.php. And until next time, stay healthy!