string_utils.php
<?php
//a set of functions Ilya wrote to sanitize user input
//Remove all HTML tags
function stripTags($my_str) {
    // Drop anything that looks like a tag: "<", an optional "/", then every
    // byte up to the next ">" -- or, failing that, the end of the string, so
    // an unmatched "<" takes the rest of the input with it. Blocklist
    // matching like this is not an XSS defense; text still needs
    // htmlspecialchars() when it is emitted in an HTML context.
    $tagPattern = '/<\/?[^>]+(>|$)/i';
    $withoutTags = preg_replace($tagPattern, "", $my_str);
    // Collapse the control/whitespace characters handled by stripSpecials().
    return stripSpecials($withoutTags);
}
//Replace invalid characters in the string with spaces and trim the result.
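function stripSpecials($str) {
    // Characters collapsed to a single space: LF, CR, TAB, NUL and vertical
    // tab (0x0B). The last two used to be written as "\o" and "\xOB" (letter
    // O), which PHP does not recognise as escapes: NUL and VT were left in
    // place and any input containing the literal text "\o" or "\xOB" (for
    // example a Windows path such as C:\old) was mangled instead.
    $controlChars = array("\n", "\r", "\t", "\0", "\x0B");
    // This is whitespace normalisation only; it does not escape anything
    // for SQL or HTML.
    return trim(str_replace($controlChars, ' ', $str));
}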
//Change Ampersand (&) to its ASCII equivalent (just in case)
function stripAmp($str) {
    // NOTE(review): as rendered here the search string and the replacement
    // are both "&", so this call is a no-op and the input comes back
    // unchanged. Presumably the replacement was the HTML entity for "&" and
    // was decoded when the file was displayed -- confirm against the
    // repository source. No other function in this file calls stripAmp().
    $str = str_replace("&", "&", $str);
    return $str;
}
//Strip HTML comments
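function stripComments($str) {
    // Remove every "<!-- ... -->" span, including spans that contain
    // newlines (the /s modifier lets "." match a newline). The previous
    // pattern "(.|\s)*?" matched the same text but, on input with an
    // unterminated "<!--", backtracked exponentially and could exceed
    // pcre.backtrack_limit, in which case preg_replace() returns NULL and
    // the caller silently continued with an empty value.
    $result = preg_replace('/<!--.*?-->/s', '', $str);
    if ($result === null) {
        // Fail loudly rather than hand NULL to the next sanitiser step.
        throw new RuntimeException('stripComments: preg_replace failed, PCRE error code ' . preg_last_error());
    }
    return $result;
}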
// Reduces a string to printable ASCII plus CR/LF before it is escaped for
// the database. Despite the name this is not UTF-8 handling: every
// multi-byte character is deleted (see the note on the fourth preg_replace),
// so the result is lossy. The steps below depend on their exact order.
function utf_for_db($str) {
    // Deletes every 0xC2 byte. In UTF-8, 0xC2 is the lead byte of U+0080 to
    // U+00BF (non-breaking space, (c), etc.); removing only the lead byte
    // leaves a stray continuation byte behind, i.e. malformed UTF-8.
    $str = str_replace(chr(194),'', $str); //replacing  char --> really annoying char
    // With the /u modifier, \x91 and \x92 denote code points U+0091/U+0092,
    // whose UTF-8 form starts with the 0xC2 byte that was just removed, so
    // these can no longer match. Worse, /u makes preg_replace() return NULL
    // for a malformed UTF-8 subject (PREG_BAD_UTF8_ERROR), which the stray
    // continuation bytes from the previous step produce; that NULL then flows
    // through the remaining calls and the function returns '' for such input.
    $str = preg_replace('/[\x91\x92]/u', "'", $str); //replacing smart quote (unicode)
    $str = preg_replace('/[\x93\x94]/u', '"', $str); //replacing double-smart quote (unicode)
    // Negated byte class: keeps 0x20-0x7F, LF and CR and drops everything
    // else ("(", ")" and "|" are literal inside the class and already fall
    // in that range). Every non-ASCII byte is removed here, which makes the
    // $find/$replace table below unreachable -- all of its entries are
    // multi-byte characters that no longer exist in $str at this point.
    $str = preg_replace('/[^(\x20-\x7F)\x0A|\x0D]*/','', $str); //replacing all other weird characters (Especially produced by MAC OS)
    // $find/$replace are never initialised; PHP auto-creates the arrays on
    // the first "[]=". The entries are shown here as mojibake of the
    // intended punctuation -- NOTE(review): confirm the exact bytes against
    // the repository source before relying on them.
    $find[] = '“'; // left side double smart quote
    $find[] = 'â€'; // right side double smart quote
    $find[] = '‘'; // left side single smart quote
    $find[] = '’'; // right side single smart quote
    $find[] = '…'; // elipsis
    $find[] = '—'; // em dash
    $find[] = '–'; // en dash
    $find[] = '’'; // single quote (duplicate of the fourth entry; never matches anything new)
    $find[] = '‒'; // figure dash, mapped to a single quote
    $replace[] = '"';
    $replace[] = '"';
    $replace[] = "'";
    $replace[] = "'";
    $replace[] = "...";
    $replace[] = "-";
    $replace[] = "-";
    $replace[] = "'";
    $replace[] = "'";
    // Sequential replacement, entry by entry, in the order added above.
    $str = str_replace($find, $replace, $str);
    return trim($str);
}
//Sanitizing function for DB (several functions rolled into one). You can wrap $str in stripAmp before calling utf_for_db.
function sanitizeString($str) {
    // Pipeline, innermost first: utf_for_db -> stripComments -> stripSpecials
    // -> mysql_escape_string. Note that stripTags() is not part of this chain.
    $asciiOnly = utf_for_db($str);
    $withoutComments = stripComments($asciiOnly);
    $collapsed = stripSpecials($withoutComments);
    // mysql_escape_string() escapes without knowing the connection's
    // character set and belongs to the mysql extension removed in PHP 7.0;
    // prepared statements (mysqli/PDO) at the query site are the actual
    // SQL-injection defense, this escaping is not a substitute for them.
    return mysql_escape_string($collapsed);
}
//This function cleans up an HTTP parameter so that it is readable; it is NOT sanitized for insertion into the DB.
function clean($str){
    // Makes a request parameter readable: percent-decode it, collapse the
    // control characters handled by stripSpecials(), then drop backslashes.
    // urldecode() here runs on a value PHP has normally already decoded when
    // it filled $_GET/$_POST, so "%25xx" sequences are decoded a second time;
    // that is one reason the result counts as readable, not as sanitized.
    $decoded = urldecode($str);
    $collapsed = stripSpecials($decoded);
    return stripslashes($collapsed);
}
?>