I wanted to know if there was an easy way to check if a string was already escaped or not. I have a function that sometimes gets data from a form (where magic quotes escapes it) and sometimes gets data from elsewhere (not escaped). I'd like to check if the string is escaped, then if not...escape it.you could do a preg_match or you can just escape it anyway.
the drawback to escaping is if it is escaped it might do it again. so you end up with \\'.
so, I would use preg_match to check or you could use strpos() I believe.
I run a function that escapes anything and everything that comes in. then stripslahses when it goes out. I use mysql_escape_string() this is of course after chekcing for magic_quotesI was trying to use preg_match, or preg_replace, but I'm having trouble coming up with the proper REGEX. I need something that will return or replace all ' but not if it is \' as well as " but not \" etc etc. I figured that if I could get that figured out, I could put the REGEX's in one array, and the replacements in another, and use preg_replace.well, not sure but try this
preg_match('/(\\')/', $string, $match)
for checking already matched escapes take one slash away to see if it is not slashedwell, I can match either ' OR \' but I can't seem to get it to match ONLY ' & NOT \'
The reason being, I'd like to see if ALL special characters ('"\ and NUL) have a preceding backslash, and if NOT, then I'd like to run addslashes, or mysql_escape_string. If they all DO have slashes, then I don't want to re-slash them. So I need to figure out how to match all ' that do NOT have a preceding \
anyway, for now I am doing this:function slash_it(&$temp){
for($i=0;$i<sizeof($temp);$i++){$temp[$i] = mysql_escape_string(stripslashes($temp[$i]));}
}and it is called like this: slash_it($si = array(&$var1, &$var2, &$var3, &$var4, &$var5));
The only drawback is:
If the user purposefully enters a \, it will be removed.yeah but even if it is removed it will be added again, right?
that seems to be a good way to me.turns out that it strips slashes off of \r & \n turning them into regular characters (r & n), and r and n do not get slashes added to them...I tried to change the \r's & \n's to ~r's & ~n's, then do the strip slashes, and then change them back, but instead of storing in the db like this(copied from phpMyAdmin):123 Street St
City, ST 99999It stores it like this(also copied from phpMyAdmin)123 Street St\r\nCity, ST 99999
Here is how I actually did the change (it's messy, but I've been trying everything...):function slash_it(&$si){
$switch = array(array("/\n/","/\r/"), array("~n","~r"));
$switch_back = array(array("/~n/","/~r/"),array('\n','\r'));
for($i=0;$i<sizeof($si);$i++){$si[$i] = mysql_escape_string(preg_replace($switch_back[0],$switch_back[1],stripslashes(preg_replace($switch[0],$switch[1],$si[$i]))));}
}Eureka! Eureka!
Ok, so maybe it's not all that, but it seems to work, so I'm happy. What I'm doing is this:
I'm changing the \n's & \r's into ~~n's and ~~r's
then I stripslashes
then I mysql_escape_string
then I change the ~~n's and ~~r's into chr(10)'s and chr(13)'s
It looks like this:function slash_it(&$si){
$switch = array(array("/\n/","/\r/"), array("~~n","~~r"));
$switch_back = array(array("/~~n/","/~~r/"),array(chr(10),chr(13)));
for($i=0;$i<sizeof($si);$i++){$si[$i] = preg_replace($switch_back[0],$switch_back[1],mysql_escape_string(stripslashes(preg_replace($switch[0],$switch[1],$si[$i]))));}
}you could also change \r\n to normal breaks <br /> this way it looks good on the web page. \r\n you don't even see as it does nothing to html, except put the raw code on a newline.
so without even messing with ~~n and ~~r I would replace them to <br /> and no worries.The thing is, all this change is not to display it (I change to <br /> when I display it), all this is so that I can store it properly INTO the db. The thing is, I have a function that inputs a row into the db, and sometimes it's data comes from a form (get magic quotes is on), so it's fine, and sometimes it comes from another db (no slashes this way), and sometimes it comes partially from a form and partially from another db (tough to tell what is what). The problem was mainly that I enclose all my VALUES in ''s, and then I would have some unescaped ''s and it would cause problems (VALUES('see','Aaron's','problem?'))
Anyway, now it all works properly.
the drawback to escaping is if it is escaped it might do it again. so you end up with \\'.
so, I would use preg_match to check or you could use strpos() I believe.
I run a function that escapes anything and everything that comes in. then stripslahses when it goes out. I use mysql_escape_string() this is of course after chekcing for magic_quotesI was trying to use preg_match, or preg_replace, but I'm having trouble coming up with the proper REGEX. I need something that will return or replace all ' but not if it is \' as well as " but not \" etc etc. I figured that if I could get that figured out, I could put the REGEX's in one array, and the replacements in another, and use preg_replace.well, not sure but try this
preg_match('/(\\')/', $string, $match)
for checking already matched escapes take one slash away to see if it is not slashedwell, I can match either ' OR \' but I can't seem to get it to match ONLY ' & NOT \'
The reason being, I'd like to see if ALL special characters ('"\ and NUL) have a preceding backslash, and if NOT, then I'd like to run addslashes, or mysql_escape_string. If they all DO have slashes, then I don't want to re-slash them. So I need to figure out how to match all ' that do NOT have a preceding \
anyway, for now I am doing this:function slash_it(&$temp){
for($i=0;$i<sizeof($temp);$i++){$temp[$i] = mysql_escape_string(stripslashes($temp[$i]));}
}and it is called like this: slash_it($si = array(&$var1, &$var2, &$var3, &$var4, &$var5));
The only drawback is:
If the user purposefully enters a \, it will be removed.yeah but even if it is removed it will be added again, right?
that seems to be a good way to me.turns out that it strips slashes off of \r & \n turning them into regular characters (r & n), and r and n do not get slashes added to them...I tried to change the \r's & \n's to ~r's & ~n's, then do the strip slashes, and then change them back, but instead of storing in the db like this(copied from phpMyAdmin):123 Street St
City, ST 99999It stores it like this(also copied from phpMyAdmin)123 Street St\r\nCity, ST 99999
Here is how I actually did the change (it's messy, but I've been trying everything...):function slash_it(&$si){
$switch = array(array("/\n/","/\r/"), array("~n","~r"));
$switch_back = array(array("/~n/","/~r/"),array('\n','\r'));
for($i=0;$i<sizeof($si);$i++){$si[$i] = mysql_escape_string(preg_replace($switch_back[0],$switch_back[1],stripslashes(preg_replace($switch[0],$switch[1],$si[$i]))));}
}Eureka! Eureka!
Ok, so maybe it's not all that, but it seems to work, so I'm happy. What I'm doing is this:
I'm changing the \n's & \r's into ~~n's and ~~r's
then I stripslashes
then I mysql_escape_string
then I change the ~~n's and ~~r's into chr(10)'s and chr(13)'s
It looks like this:function slash_it(&$si){
$switch = array(array("/\n/","/\r/"), array("~~n","~~r"));
$switch_back = array(array("/~~n/","/~~r/"),array(chr(10),chr(13)));
for($i=0;$i<sizeof($si);$i++){$si[$i] = preg_replace($switch_back[0],$switch_back[1],mysql_escape_string(stripslashes(preg_replace($switch[0],$switch[1],$si[$i]))));}
}you could also change \r\n to normal breaks <br /> this way it looks good on the web page. \r\n you don't even see as it does nothing to html, except put the raw code on a newline.
so without even messing with ~~n and ~~r I would replace them to <br /> and no worries.The thing is, all this change is not to display it (I change to <br /> when I display it), all this is so that I can store it properly INTO the db. The thing is, I have a function that inputs a row into the db, and sometimes it's data comes from a form (get magic quotes is on), so it's fine, and sometimes it comes from another db (no slashes this way), and sometimes it comes partially from a form and partially from another db (tough to tell what is what). The problem was mainly that I enclose all my VALUES in ''s, and then I would have some unescaped ''s and it would cause problems (VALUES('see','Aaron's','problem?'))
Anyway, now it all works properly.