str_replace removing unwanted characters...

Someone from this list (sorry I cannot remember the name), a while back, =
gave me the following function to use to get rid of unwanted characters =
coming in on forms:

function convert_smart_quotes($string)=20
{
$search =3D array(chr(145),
chr(146),
chr(147),
chr(148),
chr(151),
"#",
";",
"[",
"]",
"{",
"<",
">",
"=3D",
"URL=3Dhttp://");
$replace =3D array("'",
"'",
'"',
'"',
"-",
"number",
",",
"",
"",
"",
"",
"",
"",
"equals",
"");
return str_replace($search, $replace, $string); }

This has been working pretty good, however every once in a while =
something won't go through, such as the following text recently (between =
the dashed lines). It sent a confirmation email with no order number and =
did not make a record in the database:

------------------------------------------------------------ -------------=
-----------
Attn Jean Spence

Order to remove 644-8502, add a daytime voice mail tree to Help Desk =
ACD, Upgrade 644-4357 Supervisor Set. A detailed flowchart will be =
emailed to Jean Spence and Mark Purvis.

This ENTIRE order MUST be coordinated with Mark Purvis

1. Steps to remove 4-8502
NOTES: 4-8502 will need a LEN. OTC will do this in-house
For 1 month - a recording which states that the number has changed to =
644-HELP- that's 644-4357 and then transfer the call to 4-4357
For 1 month - a recording which states that the number has changed to =
644-HELP- that's 644-4357- NO transfer.
Cancel 644-8502

2. "New " VM Tree Greeting 1- Need NEW DN for this!!! (Please =
coordinate with Suzanne for recordings).

3. Change call queue time

Any questions, please contact me.
Thanks!
Suzanne
------------------------------------------------------------ -------------=
-----------

When I re-entered the order using the following text (between the =
starred lines), the order went through:

***********************
Attn Jean Spence

Order to remove 644-8502, add a daytime voice mail tree to Help Desk =
ACD, Upgrade 644-4357 Supervisor Set. A detailed flowchart will be =
emailed to Jean Spence and Mark Purvis.

This ENTIRE order MUST be coordinated with Mark Purvis

see email for details
***********************



Also, we are getting back for example "I\'m hoping..." Somehow the =
slashes are coming through in the field and in the emails. I am not =
even sure what is putting them in, as I don't see that in the replace =
function. =20

Trish
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Patricia Van Buskirk
Florida State University, Office of Telecommunications
644 W. Call Street
Tallahassee, FL=A0 32306-1120
(850) 644-9247
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: str_replace removing unwanted characters...

On Fri, Feb 29, 2008 at 2:18 PM, VanBuskirk, Patricia
wrote:
> Someone from this list (sorry I cannot remember the name), a while back, gave me the following function to use to get rid of unwanted characters coming in on forms:
>
> function convert_smart_quotes($string)
> {
> $search = array(chr(145),
> chr(146),
> chr(147),
> chr(148),
> chr(151),
> "#",
> ";",
> "[",
> "]",
> "{", // Note the missing "}" closing curly bracket here
> "<",
> ">",
> "=",
> "URL=http://");

Above, there are only 14 search terms, but below, there are 15
replace terms. Below the line I commented, add:
"}",

> $replace = array("'",
> "'",
> '"',
> '"',
> "-",
> "number",
> ",",
> "",
> "",
> "",
> "",
> "",
> "",
> "equals",
> "");
> return str_replace($search, $replace, $string); }
[snip!]


> 2. "New " VM Tree Greeting 1- Need NEW DN for this!!! (Please coordinate with Suzanne for recordings).

See the parentheses above? I'll bet dollars to donuts that's your
killswitch. See my updated arrays at the end of this email.

[snip!]
> Also, we are getting back for example "I\'m hoping..." Somehow the slashes are coming through in the field and in the emails. I am not even sure what is putting them in, as I don't see that in the replace function.

There's either an addslashes() function somewhere or a missing
stripslashes().

Prior to inserting the data into the database, you should sanitize
it using mysql_real_escape_string(). So, for example, if your SQL
query looks like this:

$body = convert_smart_quotes($string);
$sql = "INSERT INTO email(body) VALUES($body)";

It should be changed to:

$body = mysql_real_escape_string(stripslashes(convert_smart_quotes($ string)));
$sql = "INSERT INTO email(body) VALUES($body)";

And if that's not fixing the error for emails being sent, then
find where the mail() function resides and replace the message body
variable with something similar to:

$message = stripslashes($message);


Finally, the new arrays (rewritten function) I promised.

function convert_smart_quotes($string) {
$search = array(chr(145),
chr(146),
chr(147),
chr(148),
chr(151),
"#",
";",
"[",
"]",
"{",
"}",
"(",
")",
"!",
"<",
">",
"=",
"URL=http://");
$replace = array("'",
"'",
'"',
'"',
"-",
"number",
",",
"",
"",
"",
"",
"",
"",
".",
"",
"",
"",
"equals",
"");
return str_replace($search,$replace,$string);
}

--


Daniel P. Brown
Senior Unix Geek


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: str_replace removing unwanted characters...

Thanks again Daniel ... I'll look into the html_entity_decode and see
what I can figure out. You have a great weekend too!

-----Original Message-----
From: Daniel Brown [mailto:parasane@gmail.com]=20
Sent: Saturday, March 01, 2008 7:06 PM
To: VanBuskirk, Patricia
Subject: Re: [PHP-DB] str_replace removing unwanted characters...


Replying back on-list, Patricia, so you can get some feedback from
the talented people here, as well.

On Sat, Mar 1, 2008 at 6:30 PM, VanBuskirk, Patricia
wrote:
> Thanks Daniel! I appreciate your help!! I've fixed the mismatched
> search items and got the slashes out.
>
> I think I've narrowed down what was being causing that particular
order
> to kick back. I copied and pasted the text from the database to
> dreamweaver. Where it said " For 1 month - a recording" and in two
> other cases, the dashes were showing as "–" in the code. When
I
> removing those particular dashes, the order went through. She said
she
> copied and pasted that text, so I guess that code was copied in. How
> can I check for freaky things like that?

That would be something best handled by built-in functions such as
html_entity_decode();. Encapsulated in a mysql_real_escape_string()
function return, it should be safe, but for readability,
compatibility, and other-ability (whatever that may be), you may still
want to read up more on the HTML-translation family here:
http://www.php.net/manual/en/function.html-entity-decode.php

Any other questions, please don't hesitate to ask. Have a great
weekend!

--=20


Daniel P. Brown
Senior Unix Geek


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php