Replace Chars in String Problem
Hi to all, I have the following problem, I hope someone can help me.
I need to replace special chars that appear in a string.
for example if I have the string:
this- is a !string with special chars-
I want to receive
this45 is a 33string with special chars45
* The numbers in the string are the ascii code of every char.
I tried using the "replace" method, but it only works with the first appearance of the char; if the char appears more than once in the string, the replace method replaces only the first appearance.
for example if I have the string:
this- is a !string with special chars-
I receive:
this45 is a 33string with special chars-
Leaving the second '-' without changing it.
Thanks
Use the replace function iteratively as long as given character occurs in the target string (can be found out using indexOf). Post your code so that we can suggest possible modifications.

Another complicated, but elegant solution would be to use the replace function which uses a Regular Expression along with the g (global) modifier, substitution variable and anonymous functions. Something like:

```javascript
// 'b' here contains the matched character.
"!AB#CD%EF@".replace(/([!#%$@])/g, function(a, b) {
    return(b.charCodeAt(0));
});
```
Last edited by ~s.o.s~; Aug 28th, 2008 at 2:09 pm.
I don't accept change; I don't deserve to live.
If you're doing this for the purpose of input sanitizing, there are probably less 'safe' characters than there are 'unsafe' characters, create a new empty string ( string 2 ) loop over the input string ( string 1 ), one character at a time, if the character is in the range a-b, A-B, 0-9, then place it at the end of string 2, otherwise place the code of the character at the end of string 2. Simple as anything.
Don't bother trying to replace every special character ( especially if you're sanitizing for a database or a shell script ) because you'll likely miss one, if you only allow the safe characters, the only risk is that you forget to allow something safe, and that's quite a bit better than forgetting to block something unsafe. Basically, it's always safer to whitelist than it is to blacklist.
Plato forgot the nullahedron..
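The allowlist loop described in the post above, next to a denylist built from the character set in the earlier regex reply, as an added example that is not any poster's code. The function names and the sample string are constructed for illustration; `survivors` lists the non-alphanumeric characters each encoder lets through unchanged.

```javascript
// Denylist: only the characters named in the set are encoded; everything else passes through.
const DENYLIST = /[!#%$@]/g;

function encodeDenylist(input) {
  return input.replace(DENYLIST, (ch) => String(ch.charCodeAt(0)));
}

// Allowlist test on the character code: ASCII digits and letters only.
function isAsciiAlnum(code) {
  return (code >= 48 && code <= 57) ||  // 0-9
         (code >= 65 && code <= 90) ||  // A-Z
         (code >= 97 && code <= 122);   // a-z
}

// One pass over the input: keep allowed characters, append the code of anything else.
// charCodeAt returns UTF-16 code units, so non-ASCII input is encoded as numbers too.
function encodeAllowlist(input) {
  let out = "";
  for (let i = 0; i < input.length; i++) {
    const code = input.charCodeAt(i);
    out += isAsciiAlnum(code) ? input[i] : String(code);
  }
  return out;
}

// Non-alphanumeric characters that are still present after encoding.
function survivors(encoded) {
  return encoded.replace(/[A-Za-z0-9]/g, "");
}

// Constructed sample input containing characters the denylist does not name.
const sample = "it's 100% `done`|ok!";

console.log(encodeDenylist(sample), "| left over:", JSON.stringify(survivors(encodeDenylist(sample))));
console.log(encodeAllowlist(sample), "| left over:", JSON.stringify(survivors(encodeAllowlist(sample))));
```

The denylist output still carries the quote, spaces, backticks and pipe because nobody listed them; the allowlist output has nothing left to forget.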
> If you're doing this for the purpose of input sanitizing
That doesn't seem to be the case here since converting special / blacklisted characters to their equivalent codes doesn't serve any purpose. Also, encodeURIComponent(string) seems to be a more appropriate escaping function than manually doing so.
I don't accept change; I don't deserve to live.
Regardless of whether you're doing this for input sanitising or not, the method I suggested has the best complexity guarantee.. it's always O( n ). Worst case, assuming a string of all special characters, for calling replace multiple times is O( 1 + 2 + 3 + 4 + .. + n ), and I have no idea about the worst case for regexes; but I assume it's not as good as O( n ).. [ Even if it is O( n ), the implicit factor on n and the initial overhead is likely higher than it is for manually doing it by looping, although, if the input strings are epically massive, maybe the overhead of regex setup is outweighed ]. Of course, if you blacklist the special characters, you have to multiply all those n's by a factor k ( number of illegal characters ), if you whitelist only alphanumeric characters, you can check for the character being in the range a-z,A-Z,0-9 using charCodeAt(i) and the known ascii values for the starts and end of those ranges == a small constant factor.
Looping and checking each char is also the simplest one to write/understand, so it's a win all round IMHO.
> Originally Posted by ~s.o.s~
> That doesn't seem to be the case here since converting special / blacklisted characters to their equivalent codes doesn't serve any purpose.

I disagree, this could certainly be used as an effective one-way sanitization technique -- coupled with wrapping the processed input in a pair of quotes -- but of course, who am I to second guess the OP.

> Originally Posted by ~s.o.s~
> Also, encodeURIComponent(string) seems to be a more appropriate escaping function than manually doing so.

Probably. Certainly if you ever want to unescape.
Plato forgot the nullahedron..
> I disagree, this could certainly be used as an effective one-way sanitization technique

Sanitization by converting special characters to their numeric equivalents rather than escaping them? When talking about web applications, the majority of escaping which happens is to prevent arbitrary input from messing up manual form submissions / asynchronous submits for which encodeURIComponent works nice enough. So I still don't see any real need to roll something custom unless of course the exercise is for learning purpose.

> Probably. Certainly if you ever want to unescape.

At least in J2EE, the unescaping is automatic so

And as far as the complexity analysis is concerned, one should rather use tried and tested library / proven methods than worrying oneself with premature optimization. Don't optimize unless you have benchmarked and it really is slow in the context of your requirements / application design. And BTW, regular expression engines nowadays are super optimized state machines which can almost come close to the manual search and replace when used with care. :-)
I don't accept change; I don't deserve to live.
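The "one-way" versus "unescape" point argued in the posts above, as an added example that is not any poster's code: char-code substitution maps distinct inputs to the same output, while `encodeURIComponent` round-trips but leaves several punctuation characters alone. `codeSubstitute`, `collisions`, `leftUnescaped` and the sample strings are constructed for illustration.

```javascript
// Char-code substitution as discussed in the thread: non-alphanumerics become their decimal code.
function codeSubstitute(input) {
  return input.replace(/[^A-Za-z0-9]/g, (ch) => String(ch.charCodeAt(0)));
}

// Percent-encoding with the built-ins can always be undone.
function roundTrips(input) {
  return decodeURIComponent(encodeURIComponent(input)) === input;
}

// Report pairs of distinct inputs that an encoder maps to the same output.
function collisions(encode, inputs) {
  const seen = new Map();
  const found = [];
  for (const input of inputs) {
    const key = encode(input);
    if (seen.has(key) && seen.get(key) !== input) {
      found.push([seen.get(key), input, key]);
    } else {
      seen.set(key, input);
    }
  }
  return found;
}

// Which of the given characters does encodeURIComponent leave unchanged?
function leftUnescaped(chars) {
  return [...chars].filter((ch) => encodeURIComponent(ch) === ch).join("");
}

// Constructed sample inputs.
const samples = ["a-b", "a45b", "x#1", "x351", "q&a=1"];

console.log(collisions(codeSubstitute, samples));      // two colliding pairs
console.log(collisions(encodeURIComponent, samples));  // no collisions
console.log(samples.every(roundTrips));
console.log(leftUnescaped("!@#$%^&*()-+"));            // characters from the OP's list that stay as-is
```

Because the digits of a code are themselves allowed characters, the substituted form cannot be decoded and cannot tell `a-b` from `a45b`; `encodeURIComponent` avoids that but is URL-component escaping only, so it is no substitute for server-side handling of database or shell input.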
> And as far as the complexity analysis is concerned, one should rather use tried and tested library / proven methods than worrying oneself with premature optimization.
I wasn't strictly referring to sanitising as in sanitising a post/request value, I was considering sanitising a string for a database or a shell script, where input corruption is much more acceptable than integrity corruption.. but I pretty much forgot this is the Javascript forum, and any sanitization of that type should ( must! ) be done at the server anyway... and that's not gonna be done in Javascript.. unless using old-school ASP+serverside JS.. >_>
Last edited by MattEvans; Aug 29th, 2008 at 5:29 pm.
Plato forgot the nullahedron..
Sorry to answer only now,but I was very busy...
Thanks for all the replies, this is the code I'm using:

```javascript
var myString = "MyStr-ing-";
var specialChars = "!@#$%^&*()-+";
// replace() with a string pattern changes only the first occurrence of each character
for (var nIndex = 0; nIndex < specialChars.length; nIndex++)
    myString = myString.replace(specialChars.charAt(nIndex), specialChars.charCodeAt(nIndex));
```

The original code is "MyStr-ing-" and after running the code the string will be "MyStr45ing-", replacing only the first appearance. Any ideas how to do it in a better way, and a way that will change all the chars?
Thanks
Something like this maybe:
```html
<!--
Replace special characters in a string.
Copyright (C) 2008 sos aka Sanjay

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
    <meta http-equiv="Script-Content-Type" content="text/javascript">
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Example</title>
    <script type="text/javascript">
    // Error checking omitted for brevity
    function doIt() {
        var special = "@#$%^&";
        var str = "@Hello @How@ $Do %You $Do?";
        var strArr = str.split(''); // Convert string to an array
        for(var i = 0, maxI = strArr.length; i < maxI; ++i) {
            var ch = strArr[i];
            // If the current character is one among the special characters,
            // replace it with its character code.
            if(special.indexOf(ch) > -1) {
                strArr[i] = str.charCodeAt(i);
            }
        }
        var modifiedStr = strArr.join('');
        alert("Orig String: " + str + "\nModified String: " + modifiedStr);
    }
    doIt();
    </script>
</head>
<body id="bdy">
    <p>A test page</p>
</body>
</html>
```
I don't accept change; I don't deserve to live.