Really Quick PHP Help REQ

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • dirtysouth
    Confirmed User
    • Jul 2003
    • 2613

    #1

    Really Quick PHP Help REQ

    I need to trim special characters out of a form because it's parsing the "'" (single quote) and fucking up a cart I'm building. Users that have something like "Joe's Mags" crashes the cart due to the single quote. Here's what I have:

    PHP Code:
    if(!empty($_POST['shipcompany']))
    {
        $shipcompany= trim($_POST['shipcompany']);
    }
    else
    {
        $shipcompany = '';
    } 
    
    Been mucking around with this:

    PHP Code:
    $shipcompany = "'!£$%^&ss*()}{@:'#~/?><>/ 1 2 3 4 5 3/.,/:@/||\-=-__++-¬``1`sds";
    $shipcompany = preg_replace('/[^a-z0-9]/', '', $shipcompany); 
    
    I just don't know how to mesh the code together. Thanks in advance as you guys always come through in a pinch and the client is pinching the fuck outta me ATM!
    no sig
  • Zorgman
    Confirmed User
    • Aug 2002
    • 6103

    #2
    Why not addslashes?
    ---

    Comment

    • brandonstills
      Confirmed User
      • Dec 2007
      • 1964

      #3
      http://us.php.net/addslashes

      Brandon Stills
      Industry and programming veteran
      [email protected] | skype: brandonstills | ICQ #495-171-318

      Comment

      • fluffygrrl
        So Fucking Banned
        • May 2006
        • 2187

        #4
        And btw, don't start the regexp engine if you don't REALLY need it. it's a hog.

        Comment

        • k0nr4d
          Confirmed User
          • Aug 2006
          • 9231

          #5
          I'm in awe that you know how to write regex like that but didn't know about addslashes :P
          Mechanical Bunny Media
          Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

          Comment

          • bDok
            Confirmed User
            • Feb 2005
            • 1917

            #6
            or ... mysql_real_escape_string

            ugh.
            =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
            Warriors come out to plaAAaayyy!
            =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

            Comment

            • fluffygrrl
              So Fucking Banned
              • May 2006
              • 2187

              #7
              Originally posted by k0nr4d
              I'm in awe that you know how to write regex like that but didn't know about addslashes :P
              I think it's pretty obvious he c/p'd stuff he found on the internetz.

              Comment

              • GrouchyAdmin
                Now choke yourself!
                • Apr 2006
                • 12085

                #8
                Originally posted by bDok
                or ... mysql_real_escape_string

                ugh.
                Don't forget, mysql_real_escape_string() requires a handler, so you must have an open DB socket to use it.

                For the love of god, people, learn to sanitize your variables.

                Comment

                Working...