-1

I have the following string which I have to pass to the `mysql_query()` function. This string is generated dynamically when somebody tries to search some data on my site. Now the problem is there are no ending quotes after each word.

and purpose="Buy and property_type="Home and property_nature="Residential and city =" Lahore"

I want this string to be in this form:

and purpose="Buy" and property_type="Home" and property_nature="Residential" and city =" Lahore"

Thanks

user2702406
  • 179
  • 1
  • 3
  • 16
  • If I understand what you're trying to do, you just want to use `addslashes()` - regex is not required to escape quotes – MDEV Sep 24 '13 at 09:05
  • I should mention that you shouldn't be using `mysql_*` functions - they are deprecated and have security issues. You should migrate your code to `MySQLi` or `PDO`, and make use of prepared statements – MDEV Sep 24 '13 at 09:06
  • Instead of expanding your code with more bad habits/old deprecated libraries, consider using PDO or MySQLi instead as these would not have a problem with quoted variables AT ALL, and you are much more secure against PHP upgrades/SQL injections (use prepared queries and bound variables). – h2ooooooo Sep 24 '13 at 09:07
  • Sorry, I don't need addslashes here. I only need " after every word. – user2702406 Sep 24 '13 at 09:07
  • possible duplicate of [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Quentin Sep 24 '13 at 09:07
  • I want my string to be in this form and purpose="Buy" and property_type="Home" and property_nature="Residential" and city =" Lahore" – user2702406 Sep 24 '13 at 09:09
  • Why don't you replace " and " with "\" and " ? – Adarsh Kumar Sep 24 '13 at 09:09
  • Please update your question with an unmistakably clear explanation of your *input*, your *desired output*, why you desire this output and what problem you have in creating it. It's not clear to me what the goal is here and sounds like a possible [XY problem](http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem/66378#66378). – deceze Sep 24 '13 at 09:09
  • 1
    **Don't** use `mysql_` family of functions! They are deprecated and insecure. Use PDO instead. That said, how did you manage to create a string like that? If you are building this query string yourself, then just build it correctly. – Aleks G Sep 24 '13 at 09:09
  • Ok I am updating my question now . – user2702406 Sep 24 '13 at 09:10
  • Why *isn't* your string in that form to begin with?! Why do you have such weird half quotes? That needs fixing at the root, not afterwards! – deceze Sep 24 '13 at 09:13
  • I have updated my question. Now it will be more clear to you. – user2702406 Sep 24 '13 at 09:13
  • How do you make this string? Just add `"`'s? – h2ooooooo Sep 24 '13 at 11:17

3 Answers

0

Use PDO and prepared statements. Perhaps something like this:


$stmt = $db->prepare('SELECT ... WHERE ... AND purpose = :purpose AND property_type = :property_type AND property_nature = :property_nature AND city = :city');

$stmt->bindParam(':purpose',         $_POST[...]);
$stmt->bindParam(':property_type',   $_POST[...]);
$stmt->bindParam(':property_nature', $_POST[...]);
$stmt->bindParam(':city',            $_POST[...]);

$stmt->execute();

$data = $stmt->fetch(PDO::FETCH_ASSOC);

nhaa123
  • 9,570
  • 11
  • 42
  • 63
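The prepared-statement approach from the answer above, extended to a search form where any subset of the filters may be filled in. This is an added example, not code from the answer: the `properties` table, its rows, the `buildSearch()` helper and the in-memory SQLite database (requires `pdo_sqlite`) are assumptions made so that it runs stand-alone.

```php
<?php
// Added example: constructed schema and rows, in-memory SQLite instead of MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE properties (id INTEGER PRIMARY KEY, purpose TEXT,
           property_type TEXT, property_nature TEXT, city TEXT)');
$db->exec("INSERT INTO properties (purpose, property_type, property_nature, city) VALUES
           ('Buy',  'Home', 'Residential', 'Lahore'),
           ('Rent', 'Shop', 'Commercial',  'Karachi')");

// Allow-list: only these column names can ever appear in the SQL text.
const SEARCH_COLUMNS = ['purpose', 'property_type', 'property_nature', 'city'];

/**
 * Hypothetical helper: builds the WHERE clause from whichever filters were
 * submitted. Values are never concatenated into the SQL; each one becomes a
 * named placeholder and travels separately in $params.
 */
function buildSearch(array $input): array
{
    $where = [];
    $params = [];
    foreach (SEARCH_COLUMNS as $column) {
        if (!isset($input[$column]) || !is_string($input[$column])) {
            continue; // filter not submitted, or not a plain string
        }
        $value = trim($input[$column]);
        if ($value === '') {
            continue; // empty filter: leave it out of the query
        }
        $where[] = "$column = :$column";
        $params[":$column"] = $value;
    }
    $sql = 'SELECT id, purpose, property_type, property_nature, city FROM properties';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $params];
}

// Constructed input standing in for $_POST. The city value carries a stray
// quote, and "sort" is not on the allow-list, so it never reaches the query.
$search = ['purpose' => 'Buy', 'property_type' => 'Home', 'city' => 'Lahore"', 'sort' => 'id'];
[$sql, $params] = buildSearch($search);
$stmt = $db->prepare($sql);
$stmt->execute($params); // the quote is compared as data, not parsed as SQL
echo $sql, PHP_EOL;
var_dump($stmt->fetchAll(PDO::FETCH_ASSOC));
```

Because the SQL text only ever contains allow-listed column names and placeholders, there is no quoted string to repair afterwards, whatever the visitor types.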
0

If you want to use the old API, the solution is `mysql_real_escape_string`. Though, I recommend looking at newer approaches and binding of variables.

Xilexio
  • 1,178
  • 19
  • 40
0

Not knowing why you would want to do this and not just fix the string when you create it, you're probably looking for a regex such as `/(?<!") and/` using a negative lookbehind:

$string = 'and purpose="Buy and property_type="Home" and property_nature="Residential and city =" Lahore"';
// Insert a closing quote before every " and" that is not already preceded by one.
$string = preg_replace('/(?<!") and/', '" and', $string);
var_dump($string);

Which gives

and purpose="Buy" and property_type="Home" and property_nature="Residential" and city =" Lahore"

Codepad demo.

Regex 101 demo

This also automatically doesn't change `"Home" and` to `"Home"" and`, as it makes sure that there isn't a quote already.

h2ooooooo
  • 39,111
  • 8
  • 68
  • 102