|
|
|
|
Bookmark this on Delicious
Share on Facebook
 Slashdot It!
Digg  addcslashes
Quote string with slashes in a C style
(PHP 4, PHP 5)
Example 2395. addcslashes() example<?phpCode Examples / Notes » addcslashesruben
jsAddSlashes for XHTML documents: <?php header("Content-type: text/xml"); print <<<EOF <?xml version="1.0"?> <html> <head> <script type="text/javascript"> EOF; function jsAddSlashes($str) { $pattern = array( "/\\\\/" , "/\n/" , "/\r/" , "/\"/" , "/\'/" , "/&/" , "/</" , "/>/" ); $replace = array( "\\\\\\\\", "\\n" , "\\r" , "\\\"" , "\\'" , "\\x26" , "\\x3C" , "\\x3E" ); return preg_replace($pattern, $replace, $str); } $message = jsAddSlashes("\"<Hello>\",\r\n'&World'\\!"); print <<<EOF alert("$message"); </script> </head> <body> <h1>Hello, World!</h1> </body> </html> EOF; ?> phpcoder
If you are using addcslashes() to encode text which is to later be decoded back to it's original form, you MUST specify the backslash (\) character in charlist! Example: <?php $originaltext = 'This text does NOT contain \\n a new-line!'; $encoded = addcslashes($originaltext, '\\'); $decoded = stripcslashes($encoded); //$decoded now contains a copy of $originaltext with perfect integrity echo $decoded; //Display the sentence with it's literal \n intact ?> If the '\\' was not specified in addcslashes(), any literal \n (or other C-style special character) sequences in $originaltext would pass through un-encoded, but then be decoded into control characters by stripcslashes() and the data would lose it's integrity through the encode-decode transaction. natnospam
I have found the following to be much more appropriate code example: <?php $escaped = addcslashes($not_escaped, "\0..\37!@\@\177..\377"); ?> This will protect original, innocent backslashes from stripcslashes. phpcoder
Forgot to add something: The only time you would likely use addcslashes() without specifying the backslash (\) character in charlist is when you are VALIDATING (not encoding!) a data string. (Validation ensures that all control characters and other unsafe characters are correctly encoded / escaped, but does not alter any pre-existing escape sequences.) You can validate a data string multiple times without fear of "double encoding". A single decoding pass will return the original data, regardless of how many times it was validated.) johannes
Be carefull with adding the \ to the list of encoded characters. When you add it at the last position it encodes all encoding slashes. I got a lot of \\\ by this mistake. So always encode \ at first. 21-sep-2003 07:44
<? function jsaddslashes($s) { $o=""; $l=strlen($s); for($i=0;$i<$l;$i++) { $c=$s[$i]; switch($c) { case '<': $o.='\\x3C'; break; case '>': $o.='\\x3E'; break; case '\'': $o.='\\\''; break; case '\\': $o.='\\\\'; break; case '"': $o.='\\"'; break; case "\n": $o.='\\n'; break; case "\r": $o.='\\r'; break; default: $o.=$c; } } return $o; } ?> <script language="javascript"> document.write("<? echo jsaddslashes('<h1 style="color:red">hello</h1>'); ?>"); </script> output : <script language="javascript"> document.write("\x3Ch1 style=\"color:red\"\x3Ehello\x3C/h1\x3E"); </script> |
Change Language
addcslashes addslashes bin2hex chop chr chunk_split convert_cyr_string convert_uudecode convert_uuencode count_chars crc32 crypt echo explode fprintf get_html_translation_table hebrev hebrevc html_entity_decode htmlentities htmlspecialchars_decode htmlspecialchars implode join levenshtein localeconv ltrim md5_file md5 metaphone money_format nl_langinfo nl2br number_format ord parse_str printf quoted_printable_decode quotemeta rtrim setlocale sha1_file sha1 similar_text soundex sprintf sscanf str_getcsv str_ireplace str_pad str_repeat str_replace str_rot13 str_shuffle str_split str_word_count strcasecmp strchr strcmp strcoll strcspn strip_tags stripcslashes stripos stripslashes stristr strlen strnatcasecmp strnatcmp strncasecmp strncmp strpbrk strpos strrchr strrev strripos strrpos strspn strstr strtok strtolower strtoupper strtr substr_compare substr_count substr_replace substr trim ucfirst ucwords vfprintf vprintf vsprintf wordwrap |
