Search - "str_replace"
-
$str = str_replace(array("{", "}"), " ", $str);
// Replaces with spaces the braces in cases where braces in places cause stasis -
Today, I had a small but funny conversation with a person I knew from my education (application development).
He suddenly asked how to prevent HTML tags from being used in PHP.
So I sent him the following line:
$string = str_replace(array("<", ">"), array("&lt;", "&gt;"), $string);
Shortly after the line, he asked how to add this into his query, which looks like:
$query = "INSERT INTO comments (name, email, quote, hinzugefuegt, ip_adress) VALUES ('" . $_POST['vName'] . "', '" . $_POST['eMail'] . "', '" . $_POST['q17'] . "', NOW(), '" . $_SERVER['REMOTE_ADDR'] . "')";
Now I thought: "Well, he doesn't even secure his variables", and I posted a Pastebin, which only "fixes" his issue by replacing the HTML tags, but still allows SQL injection.
https://pastebin.com/kfXGje4h
Maybe I'm a bad person, but he doesn't deserve it otherwise, because when I was still in education with him, I told him he should learn to use prepared statements. -
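The rant above shows a query built by string concatenation and says prepared statements are the fix. As an added example (not the rant's own Pastebin), here is that same INSERT written both ways, assuming a PDO connection $pdo to a MySQL database holding the comments table from the query; the str_replace() on tags is replaced by encoding at output time.

```php
<?php
// Added example, not code from the rant. Assumes $pdo is a PDO connection
// to a database with the `comments` table used in the rant's query.

// 1) The pattern from the rant: user input concatenated straight into SQL.
//    A single quote in any field changes the statement itself, and
//    str_replace() on '<' and '>' does nothing about that.
function insertCommentUnsafe(PDO $pdo, array $post): void
{
    $query = "INSERT INTO comments (name, email, quote, hinzugefuegt, ip_adress) VALUES ('"
        . $post['vName'] . "', '" . $post['eMail'] . "', '" . $post['q17']
        . "', NOW(), '" . $_SERVER['REMOTE_ADDR'] . "')";
    $pdo->exec($query); // data and code share one string: SQL injection
}

// 2) Prepared statement: the SQL text is fixed, the values travel separately,
//    so no input can change the structure of the statement.
function insertCommentSafe(PDO $pdo, array $post): void
{
    // Ask the driver for real server-side prepares rather than client emulation.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $stmt = $pdo->prepare(
        'INSERT INTO comments (name, email, quote, hinzugefuegt, ip_adress)
         VALUES (:name, :email, :quote, NOW(), :ip)'
    );
    $stmt->execute([
        ':name'  => $post['vName'],
        ':email' => $post['eMail'],
        ':quote' => $post['q17'],
        ':ip'    => $_SERVER['REMOTE_ADDR'],
    ]);
}

// HTML tags are an output problem, not a storage problem: keep the raw text
// in the database and encode it when rendering, instead of mangling it with
// str_replace() on the way in.
function renderComment(array $row): string
{
    return '<p>' . htmlspecialchars($row['quote'], ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}
```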
/**
* @fixme Properly escape this input, but for now str_replace(); will do.
*/
Ah, the good permanent temporary solutions.
FYI: the file in question has been untouched for 3-4 years. -
Today I made a PHP script to scrape a site.
And I needed to use str_replace on a string to cancel out some values.
Instead of doing a simple str_replace I used the explode function to separate them with spaces (without any comments on how or why the fuck I'm using an explode instead of a str_replace).
Later, I used $p[1] for further processing. -
Everyone has one function that they have to look up every time they use it. For me it's str_replace() in PHP. I can never remember the order of the parameters... and I've been using it for almost 10 years....