Really Quick PHP Help REQ - GoFuckYourself.com

dirtysouth · 04-29-2008, 07:56 AM

I need to trim special characters out of a form because it's parsing the "'" (single quote) and fucking up a cart I'm building. Users that have something like "Joe's Mags" crashes the cart due to the single quote. Here's what I have:

PHP Code:


			
if(!empty($_POST['shipcompany']))

{

    $shipcompany= trim($_POST['shipcompany']);

}

else

{

    $shipcompany = '';

}

Been mucking around with this:

PHP Code:


			
$shipcompany = "'!£$%^&ss*()}{@:'#~/?><>/ 1 2 3 4 5 3/.,/:@/||\-=-__++-¬``1`sds";

$shipcompany = preg_replace('/[^a-z0-9]/', '', $shipcompany);

I just don't know how to mesh the code together. Thanks in advance as you guys always come through in a pinch and the client is pinching the fuck outta me ATM!

Zorgman · 04-29-2008, 08:38 AM

Why not addslashes?

brandonstills · 04-29-2008, 11:45 AM

http://us.php.net/addslashes

fluffygrrl · 04-29-2008, 01:41 PM

And btw, don't start the regexp engine if you don't REALLY need it. it's a hog.

k0nr4d · 04-29-2008, 01:50 PM

I'm in awe that you know how to write regex like that but didn't know about addslashes :P

bDok · 04-29-2008, 02:12 PM

or ... mysql_real_escape_string

ugh.

fluffygrrl · 04-29-2008, 02:16 PM

Quote:

Originally Posted by k0nr4d

I'm in awe that you know how to write regex like that but didn't know about addslashes :P

I think it's pretty obvious he c/p'd stuff he found on the internetz.

GrouchyAdmin · 04-29-2008, 02:33 PM

Quote:

Originally Posted by bDok

or ... mysql_real_escape_string

ugh.

Don't forget, mysql_real_escape_string() requires a handler, so you must have an open DB socket to use it.

For the love of god, people, learn to sanitize your variables.

04-29-2008, 07:56 AM	#1
dirtysouth Confirmed User Join Date: Jul 2003 Location: Mobtown Posts: 2,613	Really Quick PHP Help REQ I need to trim special characters out of a form because it's parsing the "'" (single quote) and fucking up a cart I'm building. Users that have something like "Joe's Mags" crashes the cart due to the single quote. Here's what I have: PHP Code: `if(!empty($_POST['shipcompany'])) { $shipcompany= trim($_POST['shipcompany']); } else { $shipcompany = ''; }` Been mucking around with this: PHP Code: $shipcompany = "'!£$%^&ss*()}{@:'#~/?><>/ 1 2 3 4 5 3/.,/:@/\|\|\-=-__++-¬``1`sds"; $shipcompany = preg_replace('/[^a-z0-9]/', '', $shipcompany); I just don't know how to mesh the code together. Thanks in advance as you guys always come through in a pinch and the client is pinching the fuck outta me ATM! __________________ no sig

04-29-2008, 08:38 AM	#2
Zorgman Confirmed User Join Date: Aug 2002 Location: Sydney, Australia Posts: 6,103	Why not addslashes? __________________ ---

04-29-2008, 11:45 AM	#3
brandonstills Confirmed User Join Date: Dec 2007 Location: Chatsworth, CA Posts: 1,964	http://us.php.net/addslashes __________________ Brandon Stills Industry and programming veteran [email protected] \| skype: brandonstills \| ICQ #495-171-318

04-29-2008, 01:50 PM	#5
k0nr4d Confirmed User Industry Role: Join Date: Aug 2006 Location: Poland Posts: 9,229	I'm in awe that you know how to write regex like that but didn't know about addslashes :P __________________ Mechanical Bunny Media Mechbunny Tube Script \| Mechbunny Webcam Aggregator Script \| Custom Web Development

04-29-2008, 02:12 PM	#6
bDok Confirmed User Join Date: Feb 2005 Location: SD/OC/LA Posts: 1,917	or ... mysql_real_escape_string ugh. __________________ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Warriors come out to plaAAaayyy! =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

04-29-2008, 01:41 PM	#4
fluffygrrl So Fucking Banned Join Date: May 2006 Posts: 2,187	And btw, don't start the regexp engine if you don't REALLY need it. it's a hog.