Reputation: 4389
How to match the character '&' and replace it in php
My main problem is that some output is coming on the page with a space character written as " ". I want to replace it back with a space. I tried str_replace(" "," ",$mystr) and even preg_replace("/( )/", " ", $mystr) but to no avail. How do I do this? And more generally, if there are other html codes coming as output, like "&", is there a way to replace them with the actual character output instead of the html code?
Edit: Let me clarify a few things here: I don't want people to enter " < s c r i p t > " tags in the source of an editable page. To prevent that, we need some mechanism to escape special characters. But the problem is that some valid characters are also escaped. I want to unescape them, but also want to make sure that no security is breached.
Upvotes: 1
Views: 812
Answers (10)
Reputation: 943547
<?php
$string = "<p>Hello,& n b s p ;world</p>"; # Remove the spaces here - Stackoverflow bug doesn't let me enter the normal string.
$string = str_replace("& n b s p ;", " ", $string);
print $string;
?>
This works for me. Perhaps you were expecting it to modify the string in place instead of returning the modified version?
Upvotes: 1
Reputation: 1617
Have you tried:
$text=html_entity_decode(str_replace('& nbsp;',' ',$text));
[remove the space between the ampersand and nbsp: it's due to Stack Overflow's formatting]
It'll swap the no-breaking-spaces with normal spaces and then decode any other remaining html entities.
Upvotes: 0
Reputation: 655239
Since the trailing semicolon may be obmitted, you might want consider using a regular expression:
preg_replace("/ [;]?/", " ", $str)
You can replace [;]? by ;?. But Stack Overflow seems to replace   (this is written with a ZERO WIDTH JOINER U+200D) so I used [;]?.
Upvotes: 0
Reputation: 1914
Look at HTML Purifier. Give it a whitelist of allowed tags/attributes, and it will filter everything for you.
Upvotes: 0
Reputation: 118128
What you actually need is an HTML filter based on a proper HTML parser so you can let only specified bits and pieces of HTML be passed through by your script.
Upvotes: 0
Reputation: 12683
Are you just doing this?
str_replace(" ", " ", $mystr);
Or do you do this?
$mystr = str_replace(" ", " ", $mystr);
Both str_replace and preg_replace return a value, they don't change the string in-place.
Upvotes: 4
Reputation: 2362
I believe the function you're looking for is https://www.php.net/manual/en/function.urldecode.php urldecode
Upvotes: 0
Reputation: 11479
str_replace should replace that part of the text as it doesn't take regular expressions in account, so there is some other problem i guess
Upvotes: 1
Related Questions
- Remove the & sign using php preg_replace
- Regexp with '&' char using preg_replace
- If & is not found at the end then replace everything
- str_replace &amp;: Converting &amp; to its & character in PHP
- PHP string replace of "&"
- PHP Regex: Matching Ands - & and &amp;
- How do I replace both = and & simultaneously
- How to add '\' to each '&' with regular expressions in PHP?
- ' & " inside a php regexp
- How to convert the & character to and using PHP