Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
664 views
in Technique[技术] by (71.8m points)

php - Enclosing the string with double quotes

I am trying to handle text which may contains single quotes and other special char. If it is enclised with single quote, it does not proceed. So I am trying to enclose single quoted string into double quoted string.

I already checked previous threads.

Here is the code:

Check result : http://ideone.com/gWFdUb

<?php
function clean($string) {
    eval('$string = "'.$string.'";');
   $string = str_replace(' ', ' ', $string); // Replaces all spaces with hyphens.
   return preg_replace('/[^A-Za-z0-9 @-]/', '', $string); // Removes special chars.
}

$d =  clean('this was readlly n'ice 'test for@me to') ;
echo $d;

What wrong with eval line?

I am processing user tweets, post for two purpose.

  1. To store into mysql table. (mysqli_real_escape) did not help
  2. To process the each string into text for matching and POS(part of speech) tagging.

I get stuck due to such characters in text. So trying to remove it before I start processing.

UPDATE:

Check this, here I am already using mysqli_real_escape_String even the script stops when it reach this

...
mention-179
May Thanks @ShaleMarkets @01Finser @52York @AB_CutRock @AFSPG @AJSmith222 @AlbertaEnergy @andymartin @annemullettamg @APGQ_officiel-440929408564477952-Tue Mar 04 19:18:57 +0000 2014-19:03:572014:03:04201403Adnan Aftab Nizamani0131

mention-180
Thank you for @ShaleMarkets, to promoting, thank you very much for an award. Glad to have been able to help you :)-440897048963850240-Tue Mar 04 17:10:22 +0000 2014-17:03:222014:03:04201403?-??i?-0582

mention-181
@ShaleMarkets https://t.co/aM8liykQqR-440890009273393152-Tue Mar 04 16:42:24 +0000 2014-16:03:242014:03:04201403Bre Burey018

What's wrong in mention-181 so that it got stuck? Here is the code

    foreach ($tweets1 as $item)
    {       
        $count = $count + 1;
        $text = $item->text;
        //echo $userid.$text;
        $text_id = $item->id;
        $constant = 'mention';
        $time = $item->created_at;
        //echo $time;
        //$dt = new DateTime('@' . strtotime($time));
        $dt = DateTime::createFromFormat('D M d H:i:s e Y', $time);
        //var_dump($dt);
        $tweet_time = $dt->format('H:m:s');
        $tweet_dtm = $dt->format('Y:m:d');
        $year =  $dt->format('Y'); 
        $month =  $dt->format('m'); 
        $user_name = $item->user->name;
//      echo $year.$month.$user_name;
        $inreplyto =  $item->in_reply_to_screen_name;
        $rt_count = $item->retweet_count;
        $follower_count = $item->user->followers_count;
        echo $constant."-".$count."<br>".$text."-".$text_id."-".$time."-".$tweet_time.$tweet_dtm.$year.$month.$user_name.$rt_count.$follower_count."<br>";
        echo "<br>";
        $con = mysqli_connect('127.0.0.1', 'root', 'root', 'root');         
        if (mysqli_connect_errno())
        {
            echo "Failed to connect to MySQL: " . mysqli_connect_error();
            return;
        }
        $text = mysqli_real_escape_string($con,$text);
        $insertQuery1 = "INSERT INTO twitter_mention(`username`,`userid`,`tweet_text`,`text_id`,`time`,`month`,`year`,`date`,`user_follower_count`,`rt_count`,`constant`,`in_reply_to`) VALUES ('".$twitteruser."','".$userid."','".$text."','".$text_id."','".$tweet_time."','".$month."','".$year."','".$tweet_dtm."','".$follower_count."','".$rt_count."','".$constant."','".$inreplyto."')";

        if (!mysqli_query($con,$insertQuery1))
        {
        //  die('Error: ' . mysqli_error($con));
        //  echo "error";
        }
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Always use contextual escaping

You can't generically "clean" data without any context of what it's for. Do not try to build a single function to handle all the possible cases. Just don't. It's pointless. In your function, you're trying to "clean" the string by removing certain characters. You can't clean a string by removing a set of characters. That idea is flawed because you're always going to have to allow the use of some characters that are special in some syntax or the other.

Instead, treat the string according to the context where it's going to be used. For example:

Further reading:


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...