Professional PHP Blog:
Two preg_replace Escaping Gotchas
November 14, 2005 @ 06:14:49

The Professional PHP Blog has a post today describing two "preg_replace gotchas".

preg_replace is a major workhorse function in PHP. Unfortunately, there are some less than obvious issues with using it properly. Here are two:

  • The e modifier causes the replacement value of preg_replace (including backreferences) to be evaluated as PHP code. This is a powerful capability. If you've ever seen an SQL injection, this sounds dangerous. It would be, too, but PHP automatically escapes any backreferences before building the string to evaluate.
  • Second, most users of the preg_ functions are familiar with preg_quote for escaping strings to use them as literals in regular expression patterns. However, many people don't realize that the replacement parameter of preg_replace also has special characters.

He also gives code examples of each of these situations and shows you what to do to take the safer route around them...
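
Both gotchas in one added example (not code from the original blog post): a replacement string is escaped so preg_replace inserts it literally, and an e-modifier call is rewritten with preg_replace_callback, which is the only option on PHP 7.0 and later, where the e modifier no longer exists. The helper name escape_replacement and all sample strings are constructed for illustration.

```php
<?php
// Added example: helper name and sample strings are constructed.

/** Escape a string so preg_replace() inserts it literally as the replacement. */
function escape_replacement(string $text): string
{
    // In the replacement argument, backslash and dollar introduce
    // backreferences (\1, $1, ${1}); prefix both with a backslash.
    return strtr($text, ['\\' => '\\\\', '$' => '\\$']);
}

$template = 'Save {price} today';
$value    = '$10';  // constructed stand-in for text supplied by a user

// Gotcha 2, unescaped: "$10" is parsed as a reference to capture group 10,
// which this pattern does not have, so the price disappears from the output.
$naive = preg_replace('/\{price\}/', $value, $template);

// Escaped: the dollar sign is treated as a literal character.
$safe = preg_replace('/\{price\}/', escape_replacement($value), $template);

// Alternative: a callback's return value is inserted verbatim, so no
// replacement escaping is needed at all.
$viaCallback = preg_replace_callback(
    '/\{price\}/',
    function (array $m) use ($value) { return $value; },
    $template
);

// Gotcha 1: the old form evaluated the replacement as PHP code:
//   preg_replace('/\[b\](.*?)\[\/b\]/e', 'strtoupper("$1")', $input);
// The callback form passes the match as data and never builds code from it.
$input = 'hello [b]world[/b]';  // constructed sample input
$upper = preg_replace_callback(
    '/\[b\](.*?)\[\/b\]/',
    function (array $m) { return strtoupper($m[1]); },
    $input
);

var_dump($naive, $safe, $viaCallback, $upper);
```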


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework