I am trying to clean up text that a user could input in a form. I would appreciate any faster methods and extra precautions I could take to make sure that bad code is not injected via this form. ButI am having particular trouble with removing double quotes.
My code is:
str_replace(array('<','>',')','\$','(', '?', '.', ',' ,'!', '-', '+', '/', '\*', '\\', '"'), " ", $text)
But it will not match and remove the slanted quotes, like from MS word, “ to " which is the normal double quotes.
Can you help me with fixing this?
*I am using POST for the form and I am not using the input for anything more than parsing it.
Thanks
This is all that I am trying to do
str_replace(array('"'), " ", $text)
Replace double quotes with a space, but PHP is not recognizing double quotes from a program like Microsoft Word. Thanks
The MS smart quotes can be removed with this function.
function convert_smart_quotes($string)
{
$search = array(chr(145),
chr(146),
chr(147),
chr(148),
chr(151));
$replace = array("'",
"'",
'"',
'"',
'-');
return str_replace($search, $replace, $string);
}
Or add them to your code:
str_replace(array('<','>',')','\$','(', '?', '.', ',' ,'!', '-', '+', '/', '\*', '\\', '"', chr(145), chr(146), chr(147), chr(148)), " ", $text)
http://shiflett.org/blog/2005/oct/convert-smart-quotes-with-php