PHP: quotemeta

Description

string quotemeta ( string str )

Returns a version of str with a backslash character (\) before every character that is among these:
. \ + * ? [ ^ ] ( $ )

Note: This function is binary-safe.

User Contributed Notes
quotemeta

runesk at linpro dot no
22-Apr-2004 02:52


As this do not escapes |, you should be careful using a quotemeta'ed string as a valid regexp pattern. I ran into such a hole just now, and ended up using this code:



<?php

$pattern = preg_replace("/\|/", "\\|", quote_meta($pattern);

?>

jama at keks dot com
15-Aug-2002 10:24


function cleanersql ($text) {

    return preg_replace('/([\W])/i',"\\\\\\1",$text);

    }



//**

- note the escaped escape chars (\)

- add chars to preserve in this regex section: [\W*CHARS*] 

- give addslashes() a try ;-)

 */

jasongodsey at hotmail dot com
05-Mar-2002 09:51


function cleansql ($text) {

 $chars = preg_split('//', $text, -1, PREG_SPLIT_NO_EMPTY);

 $count = count($chars);

 for ($c=0; $c<$count; $c++) {

    $letter=$chars[$c];

    if (!preg_match("/[a-zA-Z0-9]/", $letter)) {

        $return .= "\\$letter";

    } else {

        $return .= "$letter";

    }

 }

 return $return;

}



# I use this so quote just about everything.



# $blah='jason**$_';

# $newblah = cleansql($blah);

# print "$newblah\n";

# returns:  jason\*\*\$\_

15-May-2001 05:41


This function escapes characters that have special meaning in regular expressions.  preg_quote() <http://php.net/manual/en/function.preg-quote.php> has similar functionality, but is more powerful since it escapes more characters (including one user-specified character).

03-Apr-2001 02:04


qutemeta() is note for quoting meta tags, but is for quoting characters which can be misunderstanded by php or a database.