> Yes, no problem! Glad it worked out. You may wish to actually study the
> perlre man page on perl.com. This goes into the most details and talks about
> how PERL actually EXTENDS shell regular expressions significantly and
> excellent resource that I have used many many times.
>
> I figure since PHP regexps are perl compatible, might as well go to the
> source, no?
>
> My other suggestion is that if you are taking this HTML and putting into a
> database, especially MySQL you should scrub for pipes, nulls and slashes,
> hackers can exploit user input to open a tty or shell or even access user
> files like /etc/passwd and mess wid ya.... here are a few regexps that do
> that

While I agree that regexps are powerful and useful, the examples you gave are better suited to using str_replace(), trim(), or nl2br() calls rather than a regular expression.

Also, about the "warning" for inserting data into a database... try not to scare people too much. If you have column = '$value' or column = "$value" in your query, as long as you've run addslashes on $value to escape single quotes in the first case and double quotes in the second, there are no vulnerabilities. If you have column = $column then you BETTER make sure that $column is a number and only a number. When you put unquoted (unquoted within the actual SQL, not PHP) values into your SQL, that's when you open yourself up to vulnerabilities if you're not validating that the value is only a number.

> For pipes:
> preg_replace('/\|/g','',$html_string);
> For nulls:
> Preg_replace('/\0/g','',$html_string);
> For slashes
> preg_replace('/\//g','',$html_string); # to be clearer, you can use s!\/!
> g; just so you can see where the regexp begins and ends.

str_replace('|','',$html_string); etc...

> Some other useful ones for data like the stuff you're doing:
> Spaces at the beginning:
> /^\s/
> spaces at the end:
> /\s$/

trim()

> <br> tags into \n
> preg_replace('!\<br\>!', "\n", $string);

nl2br();

---John Holmes...

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
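
The unquoted-value case from the reply above, as an added example that is not part of the original thread: it runs the same constructed input through an unquoted query, a digits-only check, and a bound parameter, and prints how many rows each returns. In-memory SQLite through PDO stands in for MySQL, and the table, rows, input and function names are assumptions made for the demonstration.

```php
<?php
// Added example: in-memory SQLite through PDO stands in for MySQL (assumption),
// and the table, rows and input below are constructed for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed input with no quote characters: addslashes() returns it unchanged.
$input = '1 OR 1=1';

// Unquoted value: the WHERE clause becomes "id = 1 OR 1=1", true for every row.
function fetch_unquoted(PDO $db, string $raw): array {
    $value = addslashes($raw);   // escapes quotes only, so it does nothing here
    return $db->query("SELECT name FROM users WHERE id = $value")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Validation as described in the reply: accept digits only, otherwise refuse.
function fetch_validated(PDO $db, string $raw): array {
    if (!ctype_digit($raw)) {
        return [];               // not "a number and only a number"
    }
    return $db->query("SELECT name FROM users WHERE id = " . (int) $raw)
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter: the value travels separately from the SQL text.
function fetch_prepared(PDO $db, string $raw): array {
    $stmt = $db->prepare("SELECT name FROM users WHERE id = ?");
    $stmt->execute([$raw]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Run each variant against the constructed input and against a plain id.
foreach (['fetch_unquoted', 'fetch_validated', 'fetch_prepared'] as $fn) {
    printf("%-16s input=%-10s rows=%d\n", $fn, "'$input'", count($fn($db, $input)));
    printf("%-16s input=%-10s rows=%d\n", $fn, "'1'", count($fn($db, '1')));
}
```

With a bound parameter the quoting question does not arise, because the value is never spliced into the SQL string.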