I have a .htaccess file that is used by an advanced SEO URL php system installed on my osCommerce site.
It has the following rules that work just fine for most cases, but removing periods from my GET parameters:
RewriteRule ^([a-z0-9/-]+)-c-([0-9_]+).html$ index.php [NC,L,QSA]
RewriteRule ^([a-z0-9/-]+)-m-([0-9]+).html$ index.php [NC,L,QSA]
So URL like this:
http://example.com//index.php?cPath=44_95&page=1&range=1.99_2.99
gets rewritten according to the rule and the 1.99_2.99 becomes 199_299.
How can I escape the period safely? (ie. without causing some random side effects)
The standard escape character for .htaccess regular expressions is the slash ("\").
RewriteRule ^([a-z0-9/-]+)-c-([0-9_]+)\.html$ index.php [NC,L,QSA]
^^
RewriteRule ^([a-z0-9/-]+)-m-([0-9]+)\.html$ index.php [NC,L,QSA]
^^
The slash will prevent the meaning of the dot and escape it so that the dot is taken verbatim as a character to match (period, ASCII code 46 / x2E) .
The other suggestion given in the comment to create a character class consisting of the dot only ("[.]") does the job as well, but it's perhaps a bit over the top to create a character class while you only want to name a single character. But it's technically working (and has been suggested for example in escaping dot in Apache mod_rewrite).
BTW: Apache rewrite uses Perl Compatible Regular Expression (PCRE) which is the same flavour of regex like PHP is using in the preg_* family of functions which is PHP's preferred regex dialect.