
escape special character from string in php

We are trying to escape some special characters from our string. Please tell me the function that we have to use, e.g. HTC Desire 210 – White
In this example we escape the - (hyphen) special character. In the above example we have a lot of product names with different special characters that we escape. Thanks for your co-operation.

Pass string in this function.

function clean($string){
   $string = str_replace(' ', '-', $string); // Replaces spaces with hyphens.
   return preg_replace('/[^A-Za-z0-9\-]/', '', $string); // Removes special chars.
}

For more info, check this Remove Special Character - Stackoverflow

For example, you can use str_replace:

str_replace(array(':', '-', '/', '*'), '', $string);

The mysqli_real_escape_string() function escapes special characters in a string for use in an SQL statement.

Syntax:

mysqli_real_escape_string(connection,escapestring);

Example: escape special characters in a string:

<?php
$con=mysqli_connect("localhost","my_user","my_password","my_db");

// Check connection
if (mysqli_connect_errno()) {
  // Stop here: the calls below need a working connection.
  die("Failed to connect to MySQL: " . mysqli_connect_error());
}

// escape variables for security
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);

$sql="INSERT INTO Persons (FirstName, LastName, Age)
VALUES ('$firstname', '$lastname', '$age')";

if (!mysqli_query($con,$sql)) {
  die('Error: ' . mysqli_error($con));
}
echo "1 record added";

mysqli_close($con);
?> 

connection Required. Specifies the MySQL connection to use

escapestring Required. The string to be escaped. Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z.

If you need to escape characters that would break a regex / PCRE function (eg, preg_match() ) if not escaped, you can use preg_quote()

For example, let's say your needle and haystack are:

$needle   = "needle(";
$haystack = "ibivfdubdvwbneedle(cihbdhcbds";

The following preg_match() will throw a warning:

var_dump(preg_match("/" . $needle . "/", $haystack));
// -----> WARNING preg_match(): Compilation failed: missing ) at offset 7 on line number 9 bool(false)

because a left parenthesis is a character used in regular expression syntax. However, if you use preg_quote() on the needle, the left parenthesis will be escaped and the regex check will execute:

// Pass the pattern delimiter as the second argument so a "/" in the needle is escaped too.
var_dump(preg_match("/" . preg_quote($needle, "/") . "/", $haystack)); // ----> int(1)

More discussion about preg_quote() here.

Use the system function $city = $mysqli->real_escape_string($city);

here: http://php.net/manual/en/mysqli.real-escape-string.php

If you want to use the string in a database SQL operation, you can escape special characters in mysqli using the function mysqli_real_escape_string().

Syntax:

mysqli_real_escape_string(connection,escapestring);

Example:

<?php
$con=mysqli_connect("localhost","my_user","my_password","my_db");

// Check connection
if (mysqli_connect_errno()) {
  // Stop here: the calls below need a working connection.
  die("Failed to connect to MySQL: " . mysqli_connect_error());
}

// escape variables for security
$your_string = 'string "hi" ';
$escaped_string = mysqli_real_escape_string($con, $your_string);
$sql = 'select * from tablename where fields like "%'.$escaped_string. '%" ';
$result = $con->query($sql); // use the $con handle opened above

//here you can iterate over result array for displaying result

?>

You can use addslashes() to escape the string, which returns a string with backslashes added before characters like:

  • single quote (')
  • double quote (")
  • backslash (\)
  • NUL (the NUL byte)

But addslashes() has some vulnerabilities to SQL injection; for details see the answers to the question "Examples of SQL Injections through addslashes()". So it is better to use the mysqli_real_escape_string() function if you are doing database operations.

Or, if you want to escape characters for regular expressions, you can use preg_quote ( string $str [, string $delimiter = NULL ] ), which puts a backslash in front of every character that is part of the regular expression syntax. The regular expression characters are: . \ + * ? [ ^ ] $ ( ) { } = ! < > | : -

Note: be careful, preg_quote() will not escape single (') or double (") quotes.
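An added example, not part of the original answers, for the preg_quote() advice above (the needle/haystack answer and the note on quotes): it passes the pattern delimiter as the second argument so a needle containing / is escaped as well, and compares the result with pasting the needle into the pattern unescaped. The helper names count_literal() and count_unquoted() and the sample strings are constructed for illustration.

```php
<?php
// Added example; helper names and sample strings are constructed for illustration.

// Count literal occurrences of $needle in $haystack with PCRE.
// The delimiter passed to preg_quote() must be the one that wraps the pattern.
function count_literal(string $needle, string $haystack, string $delimiter = '/'): int
{
    if ($needle === '') {
        return 0; // an empty pattern would match at every offset
    }
    $pattern = $delimiter . preg_quote($needle, $delimiter) . $delimiter;
    $count = preg_match_all($pattern, $haystack);
    if ($count === false) {
        throw new RuntimeException('PCRE error code ' . preg_last_error());
    }
    return $count;
}

// Same search with the needle pasted into the pattern as-is, for comparison.
// @ hides the compile warning; false means the pattern did not compile.
function count_unquoted(string $needle, string $haystack)
{
    return @preg_match_all('/' . $needle . '/', $haystack);
}

// Constructed samples: [needle, haystack]
$samples = [
    ['needle(', 'ibivfdubdvwbneedle(cihbdhcbds'], // pair from the answer above
    ['a/b',     'path a/b and a/b'],               // needle contains the delimiter
    ['1+1',     '11 apples'],                      // + acts as a quantifier if unescaped
    ['.',       'no dots here'],                   // . matches any character if unescaped
    ["it's",    "it's fine"],                      // quotes are left untouched
];

foreach ($samples as [$needle, $haystack]) {
    printf(
        "%-10s unquoted=%-6s quoted=%d  preg_quote=%s\n",
        var_export($needle, true),
        var_export(count_unquoted($needle, $haystack), true),
        count_literal($needle, $haystack),
        preg_quote($needle, '/')
    );
}
```

The unquoted column shows both failure modes: patterns that do not compile (false) and patterns that compile but match something other than the literal needle.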

You can use addcslashes() .

Returns a string with backslashes before the characters that are given in the second parameter.

<?php
// The second argument is a plain list of characters; separators such as commas would be escaped too.
echo addcslashes("union [", '+-[]');
// output: union \[
?>
