Which characters should be escaped in replacement with preg_replace

Question

I've notice when the replacement has \ then the function will not work as expected. So I should escape backslash.

What other character should be escaped? I didn't succeed to find any documentation.

I can't use preg_quote() because it's used for escaping the pattern and not the replacement.

EDIT AGAIN: here is an example with single quote which show how the backslash cause problem:

 $replacement = '<head>content \0020 content</head>';
$subject = "<head>any header </head>";
$html_text = preg_replace ( "%<head>.*?</head>%s", $replacement, $subject, - 1, $count );
die ( $html_text );$subject, - 1, $count );
echo $html_text;

the above example should print : <head>content \0020 content</head>. but it's print <head>content <head>any header </head>20 content</head>

You must be very brave to use `%.*?%s` regex against a HTML document. Are you sure the HTMLs are always short enough for this regex not to overrun the backtracking buffer limit? — Wiktor Stribiżew, Dec 03 '15 at 21:54
it's not just regexes. you have to consider that you're defining PHP strings, and `\0020`, which is an octal number as far as PHP is concerned. — Marc B, Dec 03 '15 at 21:57
@stribizhev: non-greedy quantifiers do not cause backtracking. — Casimir et Hippolyte, Dec 03 '15 at 22:01
@MarcB yes you are right, that happen just with \0020 and not \ alone, what should i do to solve that ? — david, Dec 03 '15 at 22:02
@CasimiretHippolyte: What is the name of this phenomenon then when you get a catastrophical backtracking with these regexps? — Wiktor Stribiżew, Dec 03 '15 at 22:03
@stribizhev: a timeout. when for example `` doesn't exist and the string is very long. But the idea of non-greedy quantifier is to test the end of the pattern for each character before taking it. The greedy quantifier takes all it can, and give back characters (backtracking) until the end of the pattern succeeds. — Casimir et Hippolyte, Dec 03 '15 at 22:04
@CasimiretHippolyte: Is there some reference on the Web to read about it? — Wiktor Stribiżew, Dec 03 '15 at 22:05
@stribizhev: Perhaps, probably, a good explanation is in J friedl book. — Casimir et Hippolyte, Dec 03 '15 at 22:09
@stribizhev what should i use to replace html tags rather than regex ? — david, Dec 03 '15 at 22:16
I think you should read [this](http://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags/1732454#1732454) — Patrick, Dec 04 '15 at 00:38

AbraCadaver · Accepted Answer · 2015-12-03T22:13:27.317

0

\002 is an octal number that when rendered on a windows terminal displays a little smiley ☻ and then the trailing 0 from \0020. When viewed in a browser you just see the trailing 0. See Double quoted strings for the escape sequences. To use double quoted you would need to use this \\\\0020.

You can also use Single quoted strings or Nowdoc.

If you are reading this string from elsewhere you can use addslashes().

edited Dec 03 '15 at 22:13

answered Dec 03 '15 at 22:01

AbraCadaver

78,200
7
66
87

thank you for your answer, but actually i am reading the input from a post body, so i can't add single quote manually, how to change var string to be as single quoted ? – david Dec 03 '15 at 22:11
Edited, use addslashes(). – AbraCadaver Dec 03 '15 at 22:16
addslashes escape also ' & " , although there is no need to escape these character. how could i escape just the backslash ? thanks – david Dec 03 '15 at 22:36
abraCadaver , it seems that also with single quoted backslashs cause a problem, and they should be escaped , right ? i edit the question. – david Dec 04 '15 at 06:23

score -1 · Answer 2 · answered Dec 03 '15 at 21:41

-1

The following should be escaped if you are trying to match a character

\ ^ . $ | ( ) [ ]     * + ? { } ,

answered Dec 03 '15 at 21:41

thepiyush13

1,321
1
8
9

And that is for the pattern not replacement. – AbraCadaver Dec 03 '15 at 21:43
I am not sure about that, shouldn't one replace . ^ $ * + - ? ( ) [ ] { } \ | for all modern regex flavors (PCRE) which includes PHP as well – thepiyush13 Dec 03 '15 at 21:48

score -1 · Answer 3 · answered Dec 03 '15 at 21:42

-1

The documentation you're looking for is here: Meta-characters. These are the special characters that you can use in a regex, which means if you need to literally search for them, you'll need to escape them.

answered Dec 03 '15 at 21:42

haz

1,549
15
20

And that is for the pattern not replacement. – AbraCadaver Dec 03 '15 at 21:43
Of course. Nothing needs to be escaped in the regex in the replace string, only the search string. – haz Dec 03 '15 at 22:54
You might need to escape your PHP string, depending on whether you're single-quoting or double-quoting, but the regex replace string is literal. – haz Dec 03 '15 at 22:54

Which characters should be escaped in replacement with preg_replace

3 Answers3