Hi there

I'm using preg_replace to replace ' and " with a backslash in front of them so that I don't get problems with my MySQL INSERT queries. But at the moment I can only replace them with one charater as below:

$unedited = $_POST['content'];
$content = preg_replace("/['|\"]/", "\'", $unedited);

At the moment that just replaces both ' and " with ' which isn't ideal. Can anyone tell me how I'd be able to replace them with the respective charater. (e.g. ' would be replaced with \' and " would be replaced with\")

Recommended Answers

All 5 Replies

Umm.. I am not sure about preg_replace. But you can do the same with str_replace!

$txt="' is a single quote \" is a double quote.I want to replace ' with \' and \" with \" ";
echo "Actual text: " .$txt."<br />";
echo "Replaced text: ". $x;

Hope it helps!

commented: Helpful as always ;) +1

you dont need str_replace inside str_replace etc etc.

use two arrays

$your_txt = "Hello 'WORLD'";
$txt = array("'", "\"");
$txt_replace = array("\'", "\\\"");
$x=str_replace($txt, $txt_replace, $your_txt);
echo $x;

this way you can have two arrays and no messy inner replacements inside replacements.

although nav33n may have shown you his way as at first it appears easier (both do the same trick).

commented: Nice variation from what was suggested +1

... I'm not entirely sure why'd you write your own function when the built-in addslashes function works perfectly well.

... I'm not entirely sure why'd you write your own function when the built-in addslashes function works perfectly well.

Aye, I was wondering the same thing.

addslashes() is slightly different - it escapes a couple of extra characters (including '\' and NUL). However, these (especially \) need to be escaped anyway.

So, to fill in the original example...

$unedited = $_POST['content'];
$content = addslashes($unedited);

However, you might be looking to learn how to use preg_replace... so we'll go back to the original example.

You can use preg_replace() like Fungus did with str_replace - sending an array as the search and replacement parameters.

The problem with your example is that you're only presenting one thing for the replacement parameter - "\'".

In order to replace ' with \' and " with \" you need to do one of a few things - perform two preg_replaces (one for each replacement), use arrays within the preg_replace, or use a variable in the regex to print the quote based on what the search found. I'm not that good with regex, so I'm not sure if you can do that... but I think you can.

Anyhow, here's an example of how you could use arrays to perform the desired function with preg_replace.

$string = "\"You're not very wise,\" said the wise man.";

$string = preg_replace(array("/'/", '/"/'), array("\'", '\"'), $string);
echo $string;

That appears to escape both the single and double quotes just fine.

Good luck,
- Walkere

commented: For someone so new to the site you really helped out big time ;) +1

All I can say is WOW. I have to admit that I'm somewhat of a noob to PHP and that addslashes function is the best thing since sliced bread ;) :icon_cheesygrin:

Thanks to all of you for your response and especially to you Walkere (extra rep for you ;) ) for taking the time to give an example using pre_replace. Much appreciated.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.