how prevent preg_replace in PHP from stripping out some special characters

Question

My software uses the following before performing a search on a mySQL database:

$keywords_search = preg_replace("/[^a-zA-Z0-9 ]/", "", $keywords_search);

The problem is that it's stripping out words that users may use in other languages, like "españa" (spanish) due to the "ñ" character which is very common.

Is there any way to allow certain special characters in preg_replace?

http://www.regular-expressions.info/unicode.html – Mark Baker Sep 26 '13 at 14:14 — Mark Baker, Sep 26 '13 at 14:14

score 0 · Answer 1 · edited May 23 '17 at 10:32

If you want to make sure your keyword does not contain any malicious code, that's not a way to go, you should read this:

How can I prevent sql injection in php

If you just want to filter your search phrase, you can use the \p{L} pattern to match any letter and \p{N} to much any numeric character. Also you should use u modifier like this: /\p{L}+/u

Also be sure to check this question:

Regular expression \p{L} and \p{N}

score 0 · Answer 2 · answered Sep 26 '13 at 14:16

0

You can try with this one

$keywords_search = preg_replace("/[^\w-\p{L}\p{N}\p{Pd}]/", "", $keywords_search);

This will match anything that's NOT an alphanumeric character (including UTF-8 letters) as well as the dash (-).

answered Sep 26 '13 at 14:16

Suvash sarker

3,140
1
18
21

dash is included in `\p{Pd}` (not sure for underscore) and `\w` is included in `[\pL\PN]` so it becomes : `[^\pL\pN\p{Pd}_]` – Toto Sep 26 '13 at 14:32

how prevent preg_replace in PHP from stripping out some special characters

2 Answers2