preg replace

all but certain characters

     

stargateanubis14

1:37 am on Feb 16, 2009 (gmt 0)

5+ Year Member



I am attempting to remove all but alpha-numeric characters, spaces, and \r\n (for line breaks), via preg_replace

The reason for this is a type of messaging system, in which the user enters their message, and when it is received from the database, it will put it back out. For security reasons, i only want alpha-numeric, spaces, and the new line characters.

How would i go about doing this?

Thanks in advance

rob7591

1:43 am on Feb 16, 2009 (gmt 0)

5+ Year Member



try:
$pattern = "/[^a-z0-9 \r\n]/i";
$string = preg_replace($pattern, '', $string);

stargateanubis14

1:48 am on Feb 16, 2009 (gmt 0)

5+ Year Member



That seems to have gotten rid of all, including the \'s before the r and n....thus not breaking the line when printing the page

jezra

4:20 am on Feb 16, 2009 (gmt 0)

10+ Year Member



you might want to try using nl2br() after you have used preg_replace().

stargateanubis14

1:23 pm on Feb 16, 2009 (gmt 0)

5+ Year Member



That does nothing, because the preg_replace is taking out all of the \ that i need for nl2br() to work...

jezra

7:34 pm on Feb 16, 2009 (gmt 0)

10+ Year Member



so when you pull the data from the database, you end up with a string like this?
$string = "this is \n some text \n with breaks\n";

Can you post the minimalist amount of code with a sample of a string that is giving you a problem?

rob7591

10:15 pm on Feb 16, 2009 (gmt 0)

5+ Year Member



If you're pulling out a literal "\r\n" instead of a new line
like this:
"
",

Then you can use this:
$pattern = "/([^a-z0-9 \\]/im";

That will accept \'s also. (note I added m to the options [to search over multiple lines])

stargateanubis14

1:07 am on Feb 17, 2009 (gmt 0)

5+ Year Member



rob7591-> nope...that doesn't return anything. It for some reason returns nothing...

jezra-> This is a quick example of what i'm doing:
---------------------------------------------------
INPUT:

test !@#$%^&*()_+=-<>,./?Chars...

new line
----------------END OF INPUT----------------

Before anything is inserted into the database, the following is applied to $message (the input message):

$message = preg_replace("/[^a-z0-9 \r\n]/i", "", $_POST['message']);

if(strlen($message)<1)
{
$error='1';
print "You did not input a message<br>";
}

$message=strip_tags($message); //(not necessary)
$message=nl2br($message);

then the data is submitted into the query.
When looking into the database (manually) it returns "test ,.Chars...rnrnnew line"... which is the same as what is being printed when viewing the message.

coopster

12:32 pm on Feb 17, 2009 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



If you want to retain the newlines, do not do this before you submit the data to the query:
$message = nl2br($message);

You can do that when you retrieve the data from the query if you want to retain the "newlines" in your HTML output.

stargateanubis14

1:41 pm on Feb 17, 2009 (gmt 0)

5+ Year Member



that is what i do... its the last thing that happens before its submitted into the query. The problem is, that the preg_replace is taking out the \ ...so when it runs through nl2br, there is nothing to change...because all of the \'s were taken out before that...

stargateanubis14

4:44 am on Mar 3, 2009 (gmt 0)

5+ Year Member



*small bump after a long time*

coopster

4:04 pm on Mar 3, 2009 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Maybe it is something in your POST data. It works fine for me:
$message = <<<ENDSTRING
INPUT:

test !@#$%^&*()_+=-<>,./?Chars...

new line
ENDSTRING;


print '<pre>';
print htmlentities($message);
print '</pre>';
$message = preg_replace("/[^a-z0-9 \r\n]/i", "", $message);
if (strlen($message) < 1) {
$error = '1';
print "You did not input a message<br>";
}
$message=nl2br($message);
print $message;
exit;

stargateanubis14

9:03 pm on Mar 3, 2009 (gmt 0)

5+ Year Member



the preg replace is still removing the \'s from the r and n...

with your preg replace, it also removes the periods and commas.... so when i put in:

"test !@#$%^&*()_+=-<>,./?Chars...

new line"
it puts out:
"test Charsrnrnnew line"

that's directly after the preg replace...

My code is....

$sendto = preg_replace("/[^a-z0-9 \r\n]/i", "", $_POST['sendto']);
$title = preg_replace("/[^a-z0-9 \r\n]/i", "", $_POST['title']);
$message = preg_replace("/[^a-z0-9 \r\n]/i", "", $_POST['message']);

print "TO: ";
print $sendto;
print "<br>";
print "TITLE: ";
print $title;
print "<br>";
print "Message: ";
print "<br>";
print $message;

It will output the other things properly since they are only one line, and the usernames are only alpha numeric, and thus don't need commas or periods.

stargateanubis14

11:54 pm on Mar 3, 2009 (gmt 0)

5+ Year Member



Okay...quick update on this...

when i take the immediate result of $_POST['message'] , run it through nl2br, and print it out, it returns this:

test !@#$%^&*()_+=-<>,./?Chars...\r\n\r\nnew line

so for some reason, not even nl2br is recognizing the \ stuff....i also did some tests with str_replace , to try to replace the \r\n 's with a random string that would later be converted to <br>, but not even str_replace would recognize the \'s...has ANYONE heard of something like this?

coopster

6:54 pm on Mar 4, 2009 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



If you are literally typing in "\r\n", meaning the "backslash" followed by the letter "r" followed by another "backslash" followed by the letter "n" into your message form field, then it is not really a carriage return, line feed (CRLF). It is a literal string and no, it will not be recognized as anything other than that. CRLF is "invisible" to the eye and since you are seeing the literal characters escaped when you echo your POST value, you are looking at a literal string.
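
The difference described above, together with the earlier advice to call nl2br() on retrieval rather than before the query, as an added example that is not part of the original thread. The helper names filter_message(), render_message() and visible(), both sample inputs, and the use of htmlspecialchars() at output are assumptions of this example.

```php
<?php
// Added example: hypothetical helper names, constructed sample inputs.

// Whitelist filter from the thread, with '.' and ',' also allowed.
// In a double-quoted PHP string, \r and \n are the real CR and LF bytes,
// so this character class keeps real line breaks and nothing else special.
function filter_message(string $raw): string
{
    return preg_replace("/[^a-z0-9 .,\r\n]/i", '', $raw);
}

// Run when the message is read back for display, not before storage:
// escape for HTML first, then turn real line breaks into <br /> tags.
function render_message(string $stored): string
{
    return nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
}

// Make CR and LF bytes visible as \r and \n when printing results.
function visible(string $s): string
{
    return addcslashes($s, "\r\n");
}

// Constructed input 1: what a textarea submits, real CR LF bytes.
$real = "test !@#Chars...\r\n\r\nnew line";

// Constructed input 2: the same text holding the four literal characters
// backslash, r, backslash, n (single quotes, so PHP does not interpret them).
$literal = 'test !@#Chars...\r\n\r\nnew line';

foreach (['real CRLF' => $real, 'literal text' => $literal] as $label => $input) {
    $hasBreaks = preg_match('/[\r\n]/', $input) === 1;
    $clean = filter_message($input);

    printf("%s (contains CR/LF bytes: %s)\n", $label, $hasBreaks ? 'yes' : 'no');
    printf("  filtered: %s\n", visible($clean));
    printf("  rendered: %s\n", visible(render_message($clean)));
}
```

With the literal input the filter strips the backslashes and leaves the "rnrn" run reported in the thread, and nl2br() has no line break to convert; with real CR LF bytes the breaks survive the filter and become <br /> tags at output.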

stargateanubis14

2:42 pm on Mar 5, 2009 (gmt 0)

5+ Year Member



but then why, when i run the POST value through nl2br, does it not change it at all? Is there any way to retrieve the new lines posted in the form's text area?

I'm gonna make a blank page that does just what i'm tryin to do, and i'll post it here as soon as i get it going (it will have a to, title, and message box, and then when you submit it, it will show you what you sent in direct/unedited form, with the nl2br (for the message only), and then after the preg_replace. I will have a link to the direct source so you can see the source as it goes.

I've got to go do somethin first, so it will be an hour or 2 before i can get it up

coopster

3:06 pm on Mar 5, 2009 (gmt 0)

WebmasterWorld Administrator coopster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I will have a link to the direct source so you can see the source as it goes.

No personal links please.

stargateanubis14

3:42 pm on Mar 5, 2009 (gmt 0)

5+ Year Member



can it be on a server that is made strictly for testing this (like one of the free hosts)?

because everything that "should" be working, isn't...if users have the ability to see the code and the output, it would be easier to solve.

if the answer is still no, i guess i'll have to continue doing this the hard way! lol

stargateanubis14

10:29 pm on Mar 5, 2009 (gmt 0)

5+ Year Member



I fixed this by doin a bypass...i replaced all the <br/> with a random string before putting it through the preg_replace

$message=preg_replace('/\<br(\s*)?\/?\>/i', ".n.185169876216.n.", $message);
$message = preg_replace("/[^a-z0-9 . ,]/im", "", $message);
$message=str_replace('.n.185169876216.n.', "<br>", $message);

That seems to be working now...don't know why..but it does! lol

Thanks to all

 
