Remove Non Printing Characters From Text

•

What is DaniWeb IT Discussion Community?

You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 425,819 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 3,015 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.

Join our community!

Please support our PHP advertiser: Lunarpages PHP Web Hosting

Thread Tools Display Modes

Views: 1139 | Replies: 2

•

Join Date: Aug 2004

Posts: 18

Reputation: ray_broome is an unknown quantity at this point

Rep Power: 5

Solved Threads: 0

ray_broome ray_broome is offline

Offline

Newbie Poster

Remove Non Printing Characters From Text

May 15th, 2008

Hi,

I've got a form with a few text fields, and only today I noticed that when i tried copying some text from an email and pasting it into one of the fields, after submitting to the database (and printing the query), i noticed that the name sent had something extra.

Say "sweet" was the value in the field, then i saw "sweet\r\n" being sent to the db table. What i'm wondering is how can i remove any extra non printing characters such as these? I was thinking of using this regexp - "\r{0,1}\n" which so far seems to take out "\r\n" at least but just in case any 'weird stuff' gets copied/pasted into a field i would like to make sure it's removed and just the text itself is sent.

Thanks in advance for any advice/help

•

Join Date: Mar 2007

Location: GA

Posts: 27

Reputation: blufab is an unknown quantity at this point

Rep Power: 2

Solved Threads: 1

blufab

Offline

Light Poster

Re: Remove Non Printing Characters From Text

May 16th, 2008

To remove all ascii non-printable characters you would want to remove decimal values 0-31 & 127. This should remove most funky characters.

•

Join Date: May 2008

Posts: 31

Reputation: rgviza is an unknown quantity at this point

Rep Power: 1

Solved Threads: 5

rgviza

Offline

Light Poster

Re: Remove Non Printing Characters From Text

May 16th, 2008

Help with Code Tags

(Toggle Plain Text)

$formvar = preg_replace("/[^\w\d]/g","",$formvar);

inside the brackets add any special characters you want to allow. example:
[^\w\d\-\@\.\&\n ] (note the unescaped space)

A whitelist is far more powerful than just removing characters you think are bad. It's future proof.

This regex tells preg it wants to replace everything except the characters listed after the carat. In a bracketed character list carat means "anything except the following".
\w = word characters
\d = numeric digits
the rest are just escaped individual characters.

For address data like "apt. #305". You can do a regex in front of the one I gave that converts "#" to "number" or don't do anything before to let the above just remove it.

Help with Code Tags

(Toggle Plain Text)

$formvar = preg_replace("/\#/g","number",$formvar);

Also remember that you can't do:

Help with Code Tags

(Toggle Plain Text)

$_POST['formvar'] = preg_replace("/\#/g","number",$_POST['formvar']);

because this array is immutable. but

Help with Code Tags

(Toggle Plain Text)

$formvar = preg_replace("/\#/g","number",$_POST['formvar']);

would work.

By not allowing ; or # you also break encoded characters on query string or POST which is a good measure to help break XSS. By not allowing ' or " and ; you help break sql injections, though you should also use the functions for filtering query data. The &'s used for argument separation aren't affected since these are not included in the data when you read them for php.

Default deny for the win. You may need to do a few tweaks if you discover stuff getting scrubbed that shouldn't be, but it's way more secure than doing it the other way.

-r