Exactly, Carl.

The HTML team data I'm dealing with comes in myriad formats -- nothing is
uniform as each school presents their team data differently, not to mention
potential inconsistencies (e.g. users mistakenly entering multiple spaces
between fields and the like) within each format.

For the most part I intend to rely on regular expressions for this job,
although I'm a little wary -- regexp syntax is tres bizarre ;--)

Thanks for the clues; ultraedit.com has a great regexp tutorial........

Enjoy the spring/summer,

--Noah


----- Original Message -----
From: "Carl Furst" <[EMAIL PROTECTED]>
To: "Noah" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, May 30, 2003 7:44 AM
Subject: RE: [PHP] strip_tags() Quandry....


As you can guess, I'm more a fan of the regular expressions myself being
primarily a PERL head. However, PHP string functions are useful and
convenient (like trim() for example), and they don't require you to know the
ins and outs of regexps which can look like gobbledygook, be very
confusing, and sometimes very difficult to use if you don't really know how
they work. If you can get them to work, they are very powerful. However
getting them to work can require some serious tweaking.

I think the main thing when deciding which to use is how much control you
want over what is done to your string. Using a PHP function can lead to
precarious results sometimes if you don't know exactly what they do
(nl2br(), for example, you have to be sure that ALL of your <br>'s are to
occur right before a "\n", this isn't always the case). They also don't
afford as much flexibility in some cases as regular expressions do
(str_replace for replacing multiple spaces, for example).

If it's something simple that you know a PHP function can take care of, use it.
If not, use regexps. They may take a bit more tweaking, but in the long run
are much more flexible and a lot more powerful.

Carl.


-----Original Message-----
From: Noah [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 11:03 PM
To: CPT John W. Holmes; Carl Furst
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] strip_tags() Quandry....

Hey John; Hey Carl.

I've heard this debate before; i.e. regular expressions vs. PHP string
formatting functions.

The problem I'm dealing with will require, I believe, a combination of
preg_replace(), str_replace(), strstr(), and strpos().

To my limited knowledge, there is no way to remove white space with PHP
string functions; when I use strip_tags on a block of html text, whitespace
results; thus the need for preg_replace().

The rest can most likely be taken care of with PHP string functions,
although I'm running into a few headaches with user errors; i.e. when a
coach types up his/her team roster and mistakenly adds extra spaces between
fields (e.g. player height = 6'   2" instead of 6' 2"), or roster fields do
not match up with our roster table fields (e.g. one team roster has a field
for player's favorite professional athlete) -- in these cases it may be that
I'll need to use regular expressions to crawl through roster string data
looking for word boundaries and the like.

I'm new to regular expressions to say the least -- just took the dive in
yesterday; much to learn.......

If either of you feel like elaborating on the pros and cons of regular
expressions vs. PHP string functions, let me know.

--Noah



----- Original Message -----
From: "CPT John W. Holmes" <[EMAIL PROTECTED]>
To: "Carl Furst" <[EMAIL PROTECTED]>; "Noah"
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, May 29, 2003 10:18 AM
Subject: Re: [PHP] strip_tags() Quandry....


> Yes, no problem! Glad it worked out. You may wish to actually study the
> perlre man page on perl.com. This goes into the most details and talks about
> how PERL actually EXTENDS shell regular expressions significantly and
> excellent resource that I have used many many times.
>
> I figure since PHP regexps are perl compatible, might as well go to the
> source, no?
>
> My other suggestion is that if you are taking this HTML and putting into a
> database, especially MySQL you should scrub for pipes, nulls and slashes,
> hackers can exploit user input to open a tty or shell or even access user
> files like /etc/passwd and mess wid ya.... here are a few regexps that do
> that

While I agree that regexp are powerful and useful, the examples you gave are
better suited to using str_replace(), trim(), or nl2br() calls rather than a
regular expression.

Also, about the "warning" for inserting data into a database... try not to
scare people too much. If you have

column = '$value'
or
column = "$value"

in your query, as long as you've run addslashes on $value to escape single
quotes in the first case and double quotes in the second, there are no
vulnerabilities.

If you have

column = $column

then you BETTER make sure that $column is a number and only a number. When
you put unquoted (unquoted within the actual SQL, not PHP) values into your
SQL, that's when you open yourself up to vulnerabilities if you're not
validating that the value is only a number.


> For pipes:
> preg_replace('/\|/','',$html_string);
> For nulls:
> preg_replace('/\0/','',$html_string);
> For slashes:
> preg_replace('/\//','',$html_string);  # to be clearer, you can use s!\/!
> g; just so you can see where the regexp begins and ends.

str_replace('|','',$html_string);
etc...

> Some other useful ones for data like the stuff you're doing:
> Spaces at the beginning:
> /^\s/
> spaces at the end:
> /\s$/

trim()

> <br> tags into \n
> preg_replace('!\<br\>!', "\n", $string);

nl2br();

---John Holmes...
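
The quoted versus unquoted distinction John describes, as an added example that is not part of the original thread. It assumes PHP with the PDO SQLite driver and a constructed `roster` table, and it uses bound parameters for the quoted case rather than the addslashes() call mentioned in the message.

```php
<?php
// Added example; the roster table and its sample rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE roster (id INTEGER PRIMARY KEY, name TEXT, height TEXT)');
$ins = $pdo->prepare('INSERT INTO roster (name, height) VALUES (?, ?)');
$ins->execute(["Pat O'Neil", "6' 2\""]);
$ins->execute(['Sam Lee', "5' 11\""]);

// Unquoted (numeric) context: accept the value only if it is an integer.
function find_by_id(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a positive integer is rejected
    }
    // $id is now a PHP int, so interpolating it cannot add SQL syntax.
    $row = $pdo->query("SELECT name, height FROM roster WHERE id = $id")
               ->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Quoted (string) context: bind the value so quotes inside it stay data.
function find_by_name(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT id, height FROM roster WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Constructed inputs: a valid id, a non-numeric id, a name containing a
// single quote, and a name made of quote characters and SQL keywords.
var_dump(find_by_id($pdo, '1'));
var_dump(find_by_id($pdo, '1 OR 1=1'));
var_dump(find_by_name($pdo, "Pat O'Neil"));
var_dump(find_by_name($pdo, "x' OR 'a'='a"));
```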






-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
